I have a gripe here:
about the fact that ODBC is willing to store passwords into debug log
files that aren't secure. Anyone want to do something about it?
Offhand it seems like simply omitting the password from the log wouldn't
be a bad idea. But even then, a log file will frequently contain
sensitive data (eg, credit card numbers appearing in INSERT statements).
Seems to me that there should also be some care taken to make the log
file not world-readable.
regards, tom lane
pgsql-odbc by date
|Next:||From: Tom Lane||Date: 2005-10-05 17:55:14|
|Subject: Re: Just as an FYI We are up solid now on pgsql libpq version |
|Previous:||From: Dave Page||Date: 2005-10-05 07:31:32|
|Subject: Re: Just as an FYI We are up solid now on pgsql libpq version|