I got a complaint here
pointing out that when you set debug=1, the generated log file
is world-readable by default, which doesn't seem like a good
idea when it may contain your password. Also, since the name
of the file is pretty predictable, there is an opportunity
for a symlink redirection attack (though I doubt anything
really interesting could be accomplished that way).
Any thoughts about fixing this? It's hard to believe no one
has pointed it out before, so I was wondering if there was some
good reason for doing it like this.
regards, tom lane
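
One way to address both points raised in this message, as an added example that is not code from the driver or from the original post: open the log owner-only and refuse a symlink at the predictable name. The function name `open_debug_log` and the default file name are assumptions made for illustration.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE             /* exposes O_NOFOLLOW on older glibc */
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: open (or create) a debug log so that only the
 * owner can read it, refusing a symlink planted at the path.
 * Returns a file descriptor, or -1 with errno set. */
int open_debug_log(const char *path)
{
    struct stat st;
    int saved;
    /* O_NOFOLLOW: fail with ELOOP if the final component is a symlink.
     * O_NONBLOCK: do not hang if someone placed a FIFO at the path. */
    int fd = open(path, O_WRONLY | O_APPEND | O_CREAT | O_NOFOLLOW | O_NONBLOCK, 0600);
    if (fd < 0)
        return -1;
    if (fstat(fd, &st) != 0)
        goto fail;
    /* Accept only a regular file we own that has no extra hard links. */
    if (!S_ISREG(st.st_mode) || st.st_uid != geteuid() || st.st_nlink != 1) {
        errno = EPERM;
        goto fail;
    }
    /* A log left behind by an earlier run may still be world-readable. */
    if (fchmod(fd, 0600) != 0)
        goto fail;
    return fd;
fail:
    saved = errno;
    close(fd);
    errno = saved;
    return -1;
}

int main(int argc, char **argv)
{
    /* Constructed default name, used only when no path is given. */
    const char *path = argc > 1 ? argv[1] : "debug_example.log";
    int fd = open_debug_log(path);
    if (fd < 0) { perror(path); return 1; }
    dprintf(fd, "debug log opened with mode 0600\n");
    close(fd);
    return 0;
}
```

`O_NOFOLLOW` only checks the final path component, so the directory holding the log should not be writable by other users.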