From: | Jim Nasby <Jim(dot)Nasby(at)BlueTreble(dot)com> |
---|---|
To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Stephen Frost <sfrost(at)snowman(dot)net> |
Cc: | Kevin Grittner <kgrittn(at)ymail(dot)com>, Robert Haas <robertmhaas(at)gmail(dot)com>, Andres Freund <andres(at)2ndquadrant(dot)com>, Adam Brightwell <adam(dot)brightwell(at)crunchydatasolutions(dot)com>, Peter Eisentraut <peter_e(at)gmx(dot)net>, PostgreSQL Hackers <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: Directory/File Access Permissions for COPY and Generic File Access Functions |
Date: | 2014-10-29 19:41:10 |
Message-ID: | 545142D6.7@BlueTreble.com |
Lists: | pgsql-hackers |
On 10/29/14, 2:33 PM, Tom Lane wrote:
> Capture the postmaster log. Keep on capturing it till somebody
> fat-fingers their login to the extent of swapping the username and
> password (yeah, I've done that, haven't you?).

Which begs the question: why on earth do we log passwords at all? This is a problem for ALTER ROLE too.

Perhaps it would make sense if we had a dedicated security log this stuff went into, but if you're running something like pgBadger/pgFouine you're going to be copying logfiles off somewhere else and now you've got a security problem.

Let alone if you're using syslog...

--
Jim Nasby, Data Architect, Blue Treble Consulting
Data in Trouble? Get it in Treble! http://BlueTreble.com