| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Scott Marlowe <scott(dot)marlowe(at)gmail(dot)com> |
| Cc: | Keith Pinnix <kpinnix(at)yahoo(dot)com>, pgsql-admin(at)postgresql(dot)org |
| Subject: | Re: postgresql 8.3 logging user passwords in clear text |
| Date: | 2010-08-24 19:40:35 |
| Message-ID: | 3753.1282678835@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-admin |
Scott Marlowe <scott(dot)marlowe(at)gmail(dot)com> writes:
> On Tue, Aug 24, 2010 at 12:20 PM, Keith Pinnix <kpinnix(at)yahoo(dot)com> wrote:
>> The entries are from dblimk something like below:
>> SELECT * FROM dblink('dbname=XXXXXX host=XXXXXX port=XXX user=XXXXX
>> password=XXXXXXX ',
> You could set up those machines to connect via trust. But yeah,
> dblink otherwise has passwords in the connect string.
Actually, the general opinion on this is that the postmaster log files
have to be protected because they might contain sensitive data;
*especially* so if you're enabling log_statements, but even without
that. dblink passwords are just one small manifestation of the general
problem. As an example, you might be inserting customers' credit card
numbers or some such into your tables. Even if the log_statement
mechanism understood that it should hide passwords, it's hardly likely
to know that specific bits of ordinary data have security implications.
IOW: you're trying to fix this in the wrong place. Secure your
logfiles, don't imagine that you can prevent there being any sensitive
info in them.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Ozer, Pam | 2010-08-24 21:20:05 | Re: Case Insensitive Database |
| Previous Message | Kevin Grittner | 2010-08-24 19:12:15 | Re: trouble restoring database |