Skip site navigation (1) Skip section navigation (2)


From: "Mahesh Vyas" <mvyas(at)quark(dot)com>
To: <pgsql-odbc(at)postgresql(dot)org>
Subject: unsubscribe
Date: 2005-10-06 04:32:49
Message-ID: (view raw, whole thread or download thread mbox)
Lists: pgsql-odbc

-----Original Message-----
From: pgsql-odbc-owner(at)postgresql(dot)org [mailto:pgsql-odbc-owner(at)postgresql(dot)org] On Behalf Of Lothar Behrens
Sent: Thursday, October 06, 2005 9:49 AM
To: <pgsql-odbc(at)postgresql(dot)org> <pgsql-odbc(at)postgresql(dot)org>
Subject: Re: [ODBC] Insecurity of ODBC debug logging files

Am 05.10.2005 um 21:08 schrieb Dave Page:

>> But even then, a log file will frequently contain sensitive data (eg, 
>> credit card numbers appearing in INSERT statements).
>> Seems to me that there should also be some care taken to make the log 
>> file not world-readable.
> I'll have a look at writing them with mode 600 on *nix. On Win9x and 
> NT based systems with FAT partitions there's nothing we can do of course.
> I'd rather not make the filenames unpredicatable though as that'll 
> make it difficult for us to tell users how to track down the right 
> debug log.


what about a special database type like sensitive or an encrypted column type ?
If the ODBC driver comes across of such a column, it could be masked out as well.

Regards, Lothar

> Regards, Dave.
> ---------------------------(end of
> broadcast)---------------------------
> TIP 1: if posting/reading through Usenet, please send an appropriate
>        subscribe-nomail command to majordomo(at)postgresql(dot)org so that 
> your
>        message can get through to the mailing list cleanly
Lothar Behrens	|	Rapid Prototyping ...
Rosmarinstr 3		|	
40235 Düsseldorf  	|

---------------------------(end of broadcast)---------------------------
TIP 9: In versions below 8.0, the planner will ignore your desire to
       choose an index scan if your joining column's datatypes do not

pgsql-odbc by date

Next:From: Bazil RoshanDate: 2005-10-07 12:10:27
Subject: QUERY : RE: Four art Names
Previous:From: Lothar BehrensDate: 2005-10-06 04:19:04
Subject: Re: Insecurity of ODBC debug logging files

Privacy Policy | About PostgreSQL
Copyright © 1996-2017 The PostgreSQL Global Development Group