Re: BUG #10680: LDAP bind password leaks to log on failed authentication

From: Steven Siebert <smsiebe(at)gmail(dot)com>
To: Stephen Frost <sfrost(at)snowman(dot)net>
Cc: Magnus Hagander <magnus(at)hagander(dot)net>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, pgsql-bugs <pgsql-bugs(at)postgresql(dot)org>
Subject: Re: BUG #10680: LDAP bind password leaks to log on failed authentication
Date: 2014-06-23 20:26:25
Message-ID: CAC3nzegc2hSqcLcGdgGLXsMYapOAPBFmr76VkzqK=vBpefmRdg@mail.gmail.com
Lists: pgsql-bugs

Thanks for the continued discussion on this issue.

It seems like, generally, fixing this vulnerability is getting a green light.

I wouldn't mind re-working the patch for this bug if I knew the
consensus on the preferred implementation. As I mentioned previously,
I'm new here, so how do I go about soliciting "votes" (or otherwise)
on the preferred approach so that I may move forward?

Thanks!

Steve

On Thu, Jun 19, 2014 at 12:09 PM, Stephen Frost <sfrost(at)snowman(dot)net> wrote:
> * Magnus Hagander (magnus(at)hagander(dot)net) wrote:
>> On Thu, Jun 19, 2014 at 5:37 PM, Stephen Frost <sfrost(at)snowman(dot)net> wrote:
>> > I actually don't really see a huge problem with 1, but I need to go
>> > review the thread in more detail...
>>
>> The reason the raw line was added in the first place was debugging cases
>> where the running pg_hba.conf might not be the same as the one in the
>> filesystem - either because of a reload not being done, or a reload of a
>> broken file.
>
> erm, not entirely convinced that's a great reason to log the whole line,
> but..
>
>> I think 3 is a good option of these, assuming we can do it in a reasonably
>> good way.
>
> I'd be fine with this approach. I'd definitely like to see this
> addressed in some manner because it's, clearly, not going to go away as
> a request (I remember dealing with similar issues quite a few years ago
> and all the arguments about how it "should" be ok to log passwords
> didn't fly and we ended up having to address it also).
>
> Thanks,
>
> Stephen
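
As an added illustration for the log-redaction idea discussed above (this is not the patch from this thread nor PostgreSQL's own code, and it is not tied to whichever numbered option the thread settles on), here is a C routine that masks the value of the `ldapbindpasswd` option before a pg_hba.conf line is written to the log. It assumes the simplified option syntax `name=value` or `name="quoted value"` with no whitespace around `=`.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Illustrative helper, not PostgreSQL code: copy a pg_hba.conf line into
 * out, replacing the value of any "ldapbindpasswd=" option with "********".
 * Bare values end at whitespace; double-quoted values end at the closing
 * quote. Returns the number of values masked, or -1 if out is too small. */
int redact_hba_line(const char *line, char *out, size_t outlen)
{
    static const char key[]  = "ldapbindpasswd=";
    static const char mask[] = "********";
    size_t klen = strlen(key);
    size_t o = 0;
    int masked = 0;
    const char *p = line;

    while (*p) {
        /* match the option keyword only at a token boundary */
        if ((p == line || isspace((unsigned char) p[-1])) &&
            strncmp(p, key, klen) == 0) {
            if (o + klen + sizeof mask > outlen)
                return -1;
            memcpy(out + o, key, klen);            o += klen;
            memcpy(out + o, mask, sizeof mask - 1); o += sizeof mask - 1;
            p += klen;
            if (*p == '"') {                /* quoted value: skip to closing quote */
                const char *q = strchr(p + 1, '"');
                p = q ? q + 1 : p + strlen(p);
            } else {                        /* bare value: skip to whitespace */
                while (*p && !isspace((unsigned char) *p))
                    p++;
            }
            masked++;
            continue;
        }
        if (o + 1 >= outlen)
            return -1;
        out[o++] = *p++;
    }
    out[o] = '\0';
    return masked;
}

int main(void)
{
    /* constructed sample line; the password is a placeholder */
    char buf[256];
    int n = redact_hba_line("host all all 0.0.0.0/0 ldap ldapserver=ldap.example.com "
                            "ldapbindpasswd=s3cret ldapbasedn=\"dc=example,dc=com\"",
                            buf, sizeof buf);
    printf("masked %d value(s): %s\n", n, buf);
    return 0;
}
```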
