Re: Insecurity of ODBC debug logging files

From: Lothar Behrens <lothar(dot)behrens(at)lollisoft(dot)de>
To: <pgsql-odbc(at)postgresql(dot)org> <pgsql-odbc(at)postgresql(dot)org> <pgsql-odbc(at)postgresql(dot)org>
Subject: Re: Insecurity of ODBC debug logging files
Date: 2005-10-06 04:19:04
Message-ID: 6fa515dd201166ec1d9b916192a52fb7@lollisoft.de
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-odbc


Am 05.10.2005 um 21:08 schrieb Dave Page:

>> But even then, a log file will frequently contain
>> sensitive data (eg, credit card numbers appearing in INSERT
>> statements).
>> Seems to me that there should also be some care taken to make the log
>> file not world-readable.
>
> I'll have a look at writing them with mode 600 on *nix. On Win9x and NT
> based systems with FAT partitions there's nothing we can do of course.
> I'd rather not make the filenames unpredicatable though as that'll make
> it difficult for us to tell users how to track down the right debug
> log.
>

Hi,

what about a special database type like sensitive or an encrypted
column type ?
If the ODBC driver comes across of such a column, it could be masked
out as well.

Regards, Lothar

> Regards, Dave.
>
> ---------------------------(end of
> broadcast)---------------------------
> TIP 1: if posting/reading through Usenet, please send an appropriate
> subscribe-nomail command to majordomo(at)postgresql(dot)org so that
> your
> message can get through to the mailing list cleanly
>
>
--
Lothar Behrens | Rapid Prototyping ...
Rosmarinstr 3 |
40235 Düsseldorf | www.lollisoft.de

In response to

Browse pgsql-odbc by date

  From Date Subject
Next Message Mahesh Vyas 2005-10-06 04:32:49 unsubscribe
Previous Message Zlatko Matić 2005-10-05 20:33:01 Re: [INTERFACES] [ODBC] Unbound text box, Text > 255 characters, MSAccess/PostgreSQL