Quick Links

Re: postgresql 8.3 logging user passwords in clear text

From:	Scott Marlowe <scott(dot)marlowe(at)gmail(dot)com>
To:	Keith Pinnix <kpinnix(at)yahoo(dot)com>, pgsql-admin(at)postgresql(dot)org
Subject:	Re: postgresql 8.3 logging user passwords in clear text
Date:	2010-08-24 19:01:51
Message-ID:	AANLkTin+RnK=K0tONO0M+q9xtfqgLdEx-1TwvELO7VwX@mail.gmail.com
Views:	Raw Message \| Whole Thread \| Download mbox \| Resend email
Thread:
Lists:	pgsql-admin

On Tue, Aug 24, 2010 at 12:20 PM, Keith Pinnix <kpinnix(at)yahoo(dot)com> wrote:
> Scott:
>
> The entries are from dblimk something like below:
>
> SELECT * FROM dblink('dbname=XXXXXX host=XXXXXX port=XXX user=XXXXX
> password=XXXXXXX ',
>
> We use this feature quite a bit and this presents quite a security issue.
> We are currently using 8.3.

You could set up those machines to connect via trust. But yeah,
dblink otherwise has passwords in the connect string.

In response to

Re: postgresql 8.3 logging user passwords in clear text at 2010-08-24 06:36:21 from Scott Marlowe

Responses

Re: postgresql 8.3 logging user passwords in clear text at 2010-08-24 19:40:35 from Tom Lane

Browse pgsql-admin by date

	From	Date	Subject
Next Message	Ian Lea	2010-08-24 19:07:37	Re: trouble restoring database
Previous Message	Ozer, Pam	2010-08-24 18:43:39	Case Insensitive Database