Skip site navigation (1) Skip section navigation (2)

Insecurity of ODBC debug logging files

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: pgsql-odbc(at)postgresql(dot)org
Subject: Insecurity of ODBC debug logging files
Date: 2005-10-05 17:50:03
Message-ID: 846.1128534603@sss.pgh.pa.us (view raw or flat)
Thread:
Lists: pgsql-odbc
I have a gripe here:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=154126
about the fact that ODBC is willing to store passwords into debug log
files that aren't secure.  Anyone want to do something about it?

Offhand it seems like simply omitting the password from the log wouldn't
be a bad idea.  But even then, a log file will frequently contain
sensitive data (eg, credit card numbers appearing in INSERT statements).
Seems to me that there should also be some care taken to make the log
file not world-readable.

			regards, tom lane

pgsql-odbc by date

Next:From: Tom LaneDate: 2005-10-05 17:55:14
Subject: Re: Just as an FYI We are up solid now on pgsql libpq version
Previous:From: Dave PageDate: 2005-10-05 07:31:32
Subject: Re: Just as an FYI We are up solid now on pgsql libpq version

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group