Skip site navigation (1) Skip section navigation (2)

Re: Insecurity of ODBC debug logging files

From: Lothar Behrens <lothar(dot)behrens(at)lollisoft(dot)de>
To: <pgsql-odbc(at)postgresql(dot)org> <pgsql-odbc(at)postgresql(dot)org> <pgsql-odbc(at)postgresql(dot)org>
Subject: Re: Insecurity of ODBC debug logging files
Date: 2005-10-06 04:19:04
Message-ID: 6fa515dd201166ec1d9b916192a52fb7@lollisoft.de (view raw or flat)
Thread:
Lists: pgsql-odbc
Am 05.10.2005 um 21:08 schrieb Dave Page:

>> But even then, a log file will frequently contain
>> sensitive data (eg, credit card numbers appearing in INSERT
>> statements).
>> Seems to me that there should also be some care taken to make the log
>> file not world-readable.
>
> I'll have a look at writing them with mode 600 on *nix. On Win9x and NT
> based systems with FAT partitions there's nothing we can do of course.
> I'd rather not make the filenames unpredicatable though as that'll make
> it difficult for us to tell users how to track down the right debug 
> log.
>

Hi,

what about a special database type like sensitive or an encrypted 
column type ?
If the ODBC driver comes across of such a column, it could be masked 
out as well.

Regards, Lothar

> Regards, Dave.
>
> ---------------------------(end of 
> broadcast)---------------------------
> TIP 1: if posting/reading through Usenet, please send an appropriate
>        subscribe-nomail command to majordomo(at)postgresql(dot)org so that 
> your
>        message can get through to the mailing list cleanly
>
>
--
Lothar Behrens	|	Rapid Prototyping ...
Rosmarinstr 3		|	
40235 Düsseldorf  	|	www.lollisoft.de



In response to

pgsql-odbc by date

Next:From: Mahesh VyasDate: 2005-10-06 04:32:49
Subject: unsubscribe
Previous:From: Zlatko MatićDate: 2005-10-05 20:33:01
Subject: Re: [INTERFACES] [ODBC] Unbound text box, Text > 255 characters, MSAccess/PostgreSQL

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group