Re: password leak in mylog thru win odbc - Mailing list pgsql-odbc

From pg
Subject Re: password leak in mylog thru win odbc
Date
Msg-id 000d01c2efcc$c20d17c0$2101a8c0@newhonest.com
Whole thread Raw
In response to Re: password leak in mylog thru win odbc  ("Hiroshi Inoue" <Inoue@tpf.co.jp>)
List pgsql-odbc
Thank you once again Hiroshi, it is working now. But I found that when I
changed the length of password, some "hidden" password showed the length of
the actual password, which might raise the leaking (or guessing) risk a
little bit. Part of Mylog as following (user = test1, password =
abcdefghijk) :

============
.....
[-600497]copyAttributes:
DSN='',server='192.168.1.100',dbase='template1',user='test1',passwd='xxxxx',
port='5432',onlyread='0',protocol='6.4',conn_settings='',disallow_premature=
-1)
[-600497]attribute = 'DEBUG', value = '0'
[-600497]copyAttributes:
DSN='',server='192.168.1.100',dbase='template1',user='test1',passwd='xxxxx',
port='5432',onlyread='0',protocol='6.4',conn_settings='',disallow_premature=
-1)
[-600497]our_connect_string =
'DRIVER={PostgreSQL};UID=test1;PWD=xxxxxxxxxxx;SERVER=192.168.1.100;PORT=543
2;DATABASE=template1;READONLY=0;PROTOCOL=6.4;FAKEOIDINDEX=0;SHOWOIDCOLUMN=0;
ROWVERSIONING=0;SHOWSYSTEMTABLES=0;CONNSETTINGS=;FETCH=100;SOCKET=4096;UNKNO
WNSIZES=0;MAXVARCHARSIZE=254;MAXLONGVARCHARSIZE=65536;OPTIMIZER=1;KSQO=1;USE
DECLAREFETCH=0;TEXTASLONGVARCHAR=1;UNKNOWNSASLONGVARCHAR=1;BOOLSASCHAR=1;PAR
SE=0;CANCELASFREESTMT=0;EXTRASYSTABLEPREFIXES=dd_;COMMLOG=0;DEBUG=0;'
[-600497]attribute = 'DRIVER', value = '{PostgreSQL}'
......
==========
some password='xxxxx' : the length is fixed to 5 digit.
but our_connect_string = .....PWD=xxxxxxxxxxx : which showed the actual
length of my password "abcdefghijk"
=============

-Jason

----- Original Message -----
From: "Hiroshi Inoue" <Inoue@tpf.co.jp>
To: "pg" <pg@newhonest.com>
Cc: <pgsql-odbc@postgresql.org>
Sent: Friday, March 21, 2003 11:50 PM
Subject: RE: [ODBC] password leak in mylog thru win odbc


> > -----Original Message-----
> > From: pg [mailto:pg@newhonest.com]
> >
> > Thank you Hiroshi. Part of the log is using "xxxx" as pwd, but the
> > connecting string still has the password
>
> OK Please retry the snapshot dll at
>  http://www.geocities.jp/inocchichichi/psqlodbc/ .
>
> regards,
> Hiroshi Inoue
> http://www.geocities.jp/inocchichichi/psqlodbc/
>
>


pgsql-odbc by date:

Previous
From: Andreas Pflug
Date:
Subject: Re: using domain types with ODBC, esp. lo
Next
From: Bruce Momjian
Date:
Subject: Re: bug in info.c file - incorrect SQL