Re: Security of ODBC debug log file leaves something to be desired

Quoting Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>:

> I got a complaint here
> https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=154126
> pointing out that when you set debug=1, the generated log file
> is world-readable by default, which doesn't seem like a good
> idea when it may contain your password.
> Any thoughts about fixing this? It's hard to believe no one
> has pointed it out before, so I was wondering if there was some
> good reason for doing it like this.

Read your comments in the bug report. No, it is not intentional.
It is just YA case of ODBC paying only lip service to security.
There are still many commercial drivers that send the password over TCP,
in the clear. Gah.

Both the driver manager and the driver write to the debug log.
Each of them is responsible for not doing things like that!
File permissions on the log itself are rather weak protection.

When I worked for Simba (ODBC kit/SQL engine company, now owned by orbital.com)
we patch iODBC so that the password string was overwritten with "*"s
before it was logged; and our driver kit did the same.
It is simple to fix. Can't guarantee I can make the time right now;
having too much antifun with Postgres performance on Solaris.

--
"Dreams come true, not free." -- S.Sondheim, ITW