Re: password leak in mylog thru win odbc - Mailing list pgsql-odbc

From pg
Subject Re: password leak in mylog thru win odbc
Date
Msg-id 003701c2ef6d$8aa15da0$2101a8c0@newhonest.com
Whole thread Raw
In response to password leak in mylog thru win odbc  ("pg" <pg@newhonest.com>)
Responses Re: password leak in mylog thru win odbc
List pgsql-odbc
Thank you Hiroshi. Part of the log is using "xxxx" as pwd, but the
connecting string still has the password

Mylog as follows :

=============
[-637877]globals.extra_systable_prefixes = 'dd_;'
[-637877]aszKey='DSN', value='PostgreSQL'
[-637877]copyAttributes:
DSN='PostgreSQL',server='',dbase='',user='',passwd='xxxxx',port='',onlyread=
'',protocol='',conn_settings='',disallow_premature=-1)
[-637877]globals.extra_systable_prefixes = 'dd_;'
[-102935185]globals.extra_systable_prefixes = 'dd_;'
[-102935185][SQLAllocEnv][-102935185]**** in PGAPI_AllocEnv **
[-102935185]** exit PGAPI_AllocEnv: phenv = 72945392 **
[-102935185][SQLAllocConnect][-102935185]PGAPI_AllocConnect: entering...
[-102935185]**** PGAPI_AllocConnect: henv = 72945392, conn = 71844416
[-102935185]EN_add_connection: self = 72945392, conn = 71844416
[-102935185]       added at i =0, conn->henv = 72945392, conns[i]->henv =
72945392
[-102935185][SQLGetInfo][-102935185]PGAPI_GetInfo: entering...fInfoType=77
[-102935185]PGAPI_GetInfo: p='02.50', len=0, value=0, cbMax=12
[-102935185][SQLSetConnectionOption][-102935185]PGAPI_SetConnectOption:
entering fOption = 103 vParam = 15
[-102935185][SQLDriverConnect][-102935185]PGAPI_DriverConnect: entering...
[-102935185]**** PGAPI_DriverConnect: fDriverCompletion=0,
connStrIn='DRIVER={PostgreSQL};UID=test1;PWD=test1;SERVER=192.168.1.103;PORT
=5432;DATABASE=template1;READONLY=0;PROTOCOL=6.4;FAKEOIDINDEX=0;SHOWOIDCOLUM
N=0;ROWVERSIONING=0;SHOWSYSTEMTABLES=0;CONNSETTINGS=;FETCH=100;SOCKET=4096;U
NKNOWNSIZES=0;MAXVARCHARSIZE=254;MAXLONGVARCHARSIZE=65536;OPTIMIZER=1;KSQO=1
;USEDECLAREFETCH=0;TEXTASLONGVARCHAR=1;UNKNOWNSASLONGVARCHAR=1;BOOLSASCHAR=1
;PARSE=0;CANCELASFREESTMT=0;EXTRASYSTABLEPREFIXES=dd_;COMMLOG=0;DEBUG=0;'
[-102935185]our_connect_string =
'DRIVER={PostgreSQL};UID=test1;PWD=test1;SERVER=192.168.1.103;PORT=5432;DATA
BASE=template1;READONLY=0;PROTOCOL=6.4;FAKEOIDINDEX=0;SHOWOIDCOLUMN=0;ROWVER
SIONING=0;SHOWSYSTEMTABLES=0;CONNSETTINGS=;FETCH=100;SOCKET=4096;UNKNOWNSIZE
S=0;MAXVARCHARSIZE=254;MAXLONGVARCHARSIZE=65536;OPTIMIZER=1;KSQO=1;USEDECLAR
EFETCH=0;TEXTASLONGVARCHAR=1;UNKNOWNSASLONGVARCHAR=1;BOOLSASCHAR=1;PARSE=0;C
ANCELASFREESTMT=0;EXTRASYSTABLEPREFIXES=dd_;COMMLOG=0;DEBUG=0;'
[-102935185]attribute = 'DRIVER', value = '{PostgreSQL}'
[-102935185]copyAttributes:
DSN='',server='',dbase='',user='',passwd='xxxxx',port='',onlyread='',protoco
l='',conn_settings='',disallow_premature=-1)
[-102935185]attribute = 'UID', value = 'test1'
[-102935185]copyAttributes:
DSN='',server='',dbase='',user='test1',passwd='xxxxx',port='',onlyread='',pr
otocol='',conn_settings='',disallow_premature=-1)
[-102935185]attribute = 'PWD', value = 'xxxxx'
[-102935185]copyAttributes:
DSN='',server='',dbase='',user='test1',passwd='xxxxx',port='',onlyread='',pr
otocol='',conn_settings='',disallow_premature=-1)
[-102935185]attribute = 'SERVER', value = '192.168.1.103'
[-102935185]copyAttributes:
DSN='',server='192.168.1.103',dbase='',user='test1',passwd='xxxxx',port='',o
nlyread='',protocol='',conn_settings='',disallow_premature=-1)
[-102935185]attribute = 'PORT', value = '5432'
[-102935185]copyAttributes:
DSN='',server='192.168.1.103',dbase='',user='test1',passwd='xxxxx',port='543
2',onlyread='',protocol='',conn_settings='',disallow_premature=-1)
[-102935185]attribute = 'DATABASE', value = 'template1'
[-102935185]copyAttributes:
DSN='',server='192.168.1.103',dbase='template1',user='test1',passwd='xxxxx',
port='5432',onlyread='',protocol='',conn_settings='',disallow_premature=-1)
[-102935185]attribute = 'READONLY', value = '0'
[-102935185]copyAttributes:
DSN='',server='192.168.1.103',dbase='template1',user='test1',passwd='xxxxx',
port='5432',onlyread='0',protocol='',conn_settings='',disallow_premature=-1)
[-102935185]attribute = 'PROTOCOL', value = '6.4'
[-102935185]copyAttributes:
DSN='',server='192.168.1.103',dbase='template1',user='test1',passwd='xxxxx',
port='5432',onlyread='0',protocol='6.4',conn_settings='',disallow_premature=
-1)
[-102935185]attribute = 'FAKEOIDINDEX', value = '0'
[-102935185]copyAttributes:
DSN='',server='192.168.1.103',dbase='template1',user='test1',passwd='xxxxx',
port='5432',onlyread='0',protocol='6.4',conn_settings='',disallow_premature=
-1)
[-102935185]attribute = 'SHOWOIDCOLUMN', value = '0'
[-102935185]copyAttributes:
DSN='',server='192.168.1.103',dbase='template1',user='test1',passwd='xxxxx',
port='5432',onlyread='0',protocol='6.4',conn_settings='',disallow_premature=
-1)
[-102935185]attribute = 'ROWVERSIONING', value = '0'
[-102935185]copyAttributes:
DSN='',server='192.168.1.103',dbase='template1',user='test1',passwd='xxxxx',
port='5432',onlyread='0',protocol='6.4',conn_settings='',disallow_premature=
-1)
[-102935185]attribute = 'SHOWSYSTEMTABLES', value = '0'
[-102935185]copyAttributes:
DSN='',server='192.168.1.103',dbase='template1',user='test1',passwd='xxxxx',
port='5432',onlyread='0',protocol='6.4',conn_settings='',disallow_premature=
-1)
[-102935185]attribute = 'CONNSETTINGS', value = ''
[-102935185]copyAttributes:
DSN='',server='192.168.1.103',dbase='template1',user='test1',passwd='xxxxx',
port='5432',onlyread='0',protocol='6.4',conn_settings='',disallow_premature=
-1)
[-102935185]attribute = 'FETCH', value = '100'
[-102935185]copyAttributes:
DSN='',server='192.168.1.103',dbase='template1',user='test1',passwd='xxxxx',
port='5432',onlyread='0',protocol='6.4',conn_settings='',disallow_premature=
-1)
[-102935185]attribute = 'SOCKET', value = '4096'
[-102935185]copyAttributes:
DSN='',server='192.168.1.103',dbase='template1',user='test1',passwd='xxxxx',
port='5432',onlyread='0',protocol='6.4',conn_settings='',disallow_premature=
-1)
[-102935185]attribute = 'UNKNOWNSIZES', value = '0'
[-102935185]copyAttributes:
DSN='',server='192.168.1.103',dbase='template1',user='test1',passwd='xxxxx',
port='5432',onlyread='0',protocol='6.4',conn_settings='',disallow_premature=
-1)
[-102935185]attribute = 'MAXVARCHARSIZE', value = '254'
[-102935185]copyAttributes:
DSN='',server='192.168.1.103',dbase='template1',user='test1',passwd='xxxxx',
port='5432',onlyread='0',protocol='6.4',conn_settings='',disallow_premature=
-1)
[-102935185]attribute = 'MAXLONGVARCHARSIZE', value = '65536'
[-102935185]copyAttributes:
DSN='',server='192.168.1.103',dbase='template1',user='test1',passwd='xxxxx',
port='5432',onlyread='0',protocol='6.4',conn_settings='',disallow_premature=
-1)
[-102935185]attribute = 'OPTIMIZER', value = '1'
[-102935185]copyAttributes:
DSN='',server='192.168.1.103',dbase='template1',user='test1',passwd='xxxxx',
port='5432',onlyread='0',protocol='6.4',conn_settings='',disallow_premature=
-1)
[-102935185]attribute = 'KSQO', value = '1'
[-102935185]copyAttributes:
DSN='',server='192.168.1.103',dbase='template1',user='test1',passwd='xxxxx',
port='5432',onlyread='0',protocol='6.4',conn_settings='',disallow_premature=
-1)
[-102935185]attribute = 'USEDECLAREFETCH', value = '0'
[-102935185]copyAttributes:
DSN='',server='192.168.1.103',dbase='template1',user='test1',passwd='xxxxx',
port='5432',onlyread='0',protocol='6.4',conn_settings='',disallow_premature=
-1)
[-102935185]attribute = 'TEXTASLONGVARCHAR', value = '1'
[-102935185]copyAttributes:
DSN='',server='192.168.1.103',dbase='template1',user='test1',passwd='xxxxx',
port='5432',onlyread='0',protocol='6.4',conn_settings='',disallow_premature=
-1)
[-102935185]attribute = 'UNKNOWNSASLONGVARCHAR', value = '1'
[-102935185]copyAttributes:
DSN='',server='192.168.1.103',dbase='template1',user='test1',passwd='xxxxx',
port='5432',onlyread='0',protocol='6.4',conn_settings='',disallow_premature=
-1)
[-102935185]attribute = 'BOOLSASCHAR', value = '1'
[-102935185]copyAttributes:
DSN='',server='192.168.1.103',dbase='template1',user='test1',passwd='xxxxx',
port='5432',onlyread='0',protocol='6.4',conn_settings='',disallow_premature=
-1)
[-102935185]attribute = 'PARSE', value = '0'
[-102935185]copyAttributes:
DSN='',server='192.168.1.103',dbase='template1',user='test1',passwd='xxxxx',
port='5432',onlyread='0',protocol='6.4',conn_settings='',disallow_premature=
-1)
[-102935185]attribute = 'CANCELASFREESTMT', value = '0'
[-102935185]copyAttributes:
DSN='',server='192.168.1.103',dbase='template1',user='test1',passwd='xxxxx',
port='5432',onlyread='0',protocol='6.4',conn_settings='',disallow_premature=
-1)
[-102935185]attribute = 'EXTRASYSTABLEPREFIXES', value = 'dd_'
[-102935185]copyAttributes:
DSN='',server='192.168.1.103',dbase='template1',user='test1',passwd='xxxxx',
port='5432',onlyread='0',protocol='6.4',conn_settings='',disallow_premature=
-1)
[-102935185]attribute = 'COMMLOG', value = '0'
[-102935185]copyAttributes:
DSN='',server='192.168.1.103',dbase='template1',user='test1',passwd='xxxxx',
port='5432',onlyread='0',protocol='6.4',conn_settings='',disallow_premature=
-1)
[-102935185]attribute = 'DEBUG', value = '0'
[-102935185]copyAttributes:
DSN='',server='192.168.1.103',dbase='template1',user='test1',passwd='xxxxx',
port='5432',onlyread='0',protocol='6.4',conn_settings='',disallow_premature=
-1)
[-102935185]our_connect_string =
'DRIVER={PostgreSQL};UID=test1;PWD=test1;SERVER=192.168.1.103;PORT=5432;DATA
BASE=template1;READONLY=0;PROTOCOL=6.4;FAKEOIDINDEX=0;SHOWOIDCOLUMN=0;ROWVER
SIONING=0;SHOWSYSTEMTABLES=0;CONNSETTINGS=;FETCH=100;SOCKET=4096;UNKNOWNSIZE
S=0;MAXVARCHARSIZE=254;MAXLONGVARCHARSIZE=65536;OPTIMIZER=1;KSQO=1;USEDECLAR
EFETCH=0;TEXTASLONGVARCHAR=1;UNKNOWNSASLONGVARCHAR=1;BOOLSASCHAR=1;PARSE=0;C
ANCELASFREESTMT=0;EXTRASYSTABLEPREFIXES=dd_;COMMLOG=0;DEBUG=0;'
[-102935185]attribute = 'DRIVER', value = '{PostgreSQL}'
[-102935185]CopyCommonAttributes:
A7=100;A8=4096;A9=0;B0=254;B1=8190;B2=1;B3=1;B4=1;B5=1;B6=0;B7=1;B8=0;B9=1;C
0=0;C1=0;C2=dd_;[-102935185]attribute = 'UID', value = 'test1'
[-102935185]CopyCommonAttributes:
A7=100;A8=4096;A9=0;B0=254;B1=8190;B2=1;B3=1;B4=1;B5=1;B6=0;B7=1;B8=0;B9=1;C
0=0;C1=0;C2=dd_;[-102935185]attribute = 'PWD', value = 'xxxxx'
[-102935185]CopyCommonAttributes:
A7=100;A8=4096;A9=0;B0=254;B1=8190;B2=1;B3=1;B4=1;B5=1;B6=0;B7=1;B8=0;B9=1;C
0=0;C1=0;C2=dd_;[-102935185]attribute = 'SERVER', value = '192.168.1.103'
[-102935185]CopyCommonAttributes:
A7=100;A8=4096;A9=0;B0=254;B1=8190;B2=1;B3=1;B4=1;B5=1;B6=0;B7=1;B8=0;B9=1;C
0=0;C1=0;C2=dd_;[-102935185]attribute = 'PORT', value = '5432'
[-102935185]CopyCommonAttributes:
A7=100;A8=4096;A9=0;B0=254;B1=8190;B2=1;B3=1;B4=1;B5=1;B6=0;B7=1;B8=0;B9=1;C
0=0;C1=0;C2=dd_;[-102935185]attribute = 'DATABASE', value = 'template1'
[-102935185]CopyCommonAttributes:
A7=100;A8=4096;A9=0;B0=254;B1=8190;B2=1;B3=1;B4=1;B5=1;B6=0;B7=1;B8=0;B9=1;C
0=0;C1=0;C2=dd_;[-102935185]attribute = 'READONLY', value = '0'
[-102935185]CopyCommonAttributes:
A7=100;A8=4096;A9=0;B0=254;B1=8190;B2=1;B3=1;B4=1;B5=1;B6=0;B7=1;B8=0;B9=1;C
0=0;C1=0;C2=dd_;[-102935185]attribute = 'PROTOCOL', value = '6.4'
[-102935185]CopyCommonAttributes:
A7=100;A8=4096;A9=0;B0=254;B1=8190;B2=1;B3=1;B4=1;B5=1;B6=0;B7=1;B8=0;B9=1;C
0=0;C1=0;C2=dd_;[-102935185]attribute = 'FAKEOIDINDEX', value = '0'
[-102935185]CopyCommonAttributes:
A7=100;A8=4096;A9=0;B0=254;B1=8190;B2=1;B3=1;B4=1;B5=1;B6=0;B7=1;B8=0;B9=1;C
0=0;C1=0;C2=dd_;[-102935185]attribute = 'SHOWOIDCOLUMN', value = '0'
[-102935185]CopyCommonAttributes:
A7=100;A8=4096;A9=0;B0=254;B1=8190;B2=1;B3=1;B4=1;B5=1;B6=0;B7=1;B8=0;B9=1;C
0=0;C1=0;C2=dd_;[-102935185]attribute = 'ROWVERSIONING', value = '0'
[-102935185]CopyCommonAttributes:
A7=100;A8=4096;A9=0;B0=254;B1=8190;B2=1;B3=1;B4=1;B5=1;B6=0;B7=1;B8=0;B9=1;C
0=0;C1=0;C2=dd_;[-102935185]attribute = 'SHOWSYSTEMTABLES', value = '0'
[-102935185]CopyCommonAttributes:
A7=100;A8=4096;A9=0;B0=254;B1=8190;B2=1;B3=1;B4=1;B5=1;B6=0;B7=1;B8=0;B9=1;C
0=0;C1=0;C2=dd_;[-102935185]attribute = 'CONNSETTINGS', value = ''
[-102935185]CopyCommonAttributes:
A7=100;A8=4096;A9=0;B0=254;B1=8190;B2=1;B3=1;B4=1;B5=1;B6=0;B7=1;B8=0;B9=1;C
0=0;C1=0;C2=dd_;[-102935185]attribute = 'FETCH', value = '100'
[-102935185]CopyCommonAttributes:
A7=100;A8=4096;A9=0;B0=254;B1=8190;B2=1;B3=1;B4=1;B5=1;B6=0;B7=1;B8=0;B9=1;C
0=0;C1=0;C2=dd_;[-102935185]attribute = 'SOCKET', value = '4096'
[-102935185]CopyCommonAttributes:
A7=100;A8=4096;A9=0;B0=254;B1=8190;B2=1;B3=1;B4=1;B5=1;B6=0;B7=1;B8=0;B9=1;C
0=0;C1=0;C2=dd_;[-102935185]attribute = 'UNKNOWNSIZES', value = '0'
[-102935185]CopyCommonAttributes:
A7=100;A8=4096;A9=0;B0=254;B1=8190;B2=1;B3=1;B4=1;B5=1;B6=0;B7=1;B8=0;B9=1;C
0=0;C1=0;C2=dd_;[-102935185]attribute = 'MAXVARCHARSIZE', value = '254'
[-102935185]CopyCommonAttributes:
A7=100;A8=4096;A9=0;B0=254;B1=8190;B2=1;B3=1;B4=1;B5=1;B6=0;B7=1;B8=0;B9=1;C
0=0;C1=0;C2=dd_;[-102935185]attribute = 'MAXLONGVARCHARSIZE', value =
'65536'
[-102935185]CopyCommonAttributes:
A7=100;A8=4096;A9=0;B0=254;B1=65536;B2=1;B3=1;B4=1;B5=1;B6=0;B7=1;B8=0;B9=1;
C0=0;C1=0;C2=dd_;[-102935185]attribute = 'OPTIMIZER', value = '1'
[-102935185]CopyCommonAttributes:
A7=100;A8=4096;A9=0;B0=254;B1=65536;B2=1;B3=1;B4=1;B5=1;B6=0;B7=1;B8=0;B9=1;
C0=0;C1=0;C2=dd_;[-102935185]attribute = 'KSQO', value = '1'
[-102935185]CopyCommonAttributes:
A7=100;A8=4096;A9=0;B0=254;B1=65536;B2=1;B3=1;B4=1;B5=1;B6=0;B7=1;B8=0;B9=1;
C0=0;C1=0;C2=dd_;[-102935185]attribute = 'USEDECLAREFETCH', value = '0'
[-102935185]CopyCommonAttributes:
A7=100;A8=4096;A9=0;B0=254;B1=65536;B2=1;B3=1;B4=1;B5=1;B6=0;B7=1;B8=0;B9=1;
C0=0;C1=0;C2=dd_;[-102935185]attribute = 'TEXTASLONGVARCHAR', value = '1'
[-102935185]CopyCommonAttributes:
A7=100;A8=4096;A9=0;B0=254;B1=65536;B2=1;B3=1;B4=1;B5=1;B6=0;B7=1;B8=0;B9=1;
C0=0;C1=0;C2=dd_;[-102935185]attribute = 'UNKNOWNSASLONGVARCHAR', value =
'1'
[-102935185]CopyCommonAttributes:
A7=100;A8=4096;A9=0;B0=254;B1=65536;B2=1;B3=1;B4=1;B5=1;B6=0;B7=1;B8=1;B9=1;
C0=0;C1=0;C2=dd_;[-102935185]attribute = 'BOOLSASCHAR', value = '1'
[-102935185]CopyCommonAttributes:
A7=100;A8=4096;A9=0;B0=254;B1=65536;B2=1;B3=1;B4=1;B5=1;B6=0;B7=1;B8=1;B9=1;
C0=0;C1=0;C2=dd_;[-102935185]attribute = 'PARSE', value = '0'
[-102935185]CopyCommonAttributes:
A7=100;A8=4096;A9=0;B0=254;B1=65536;B2=1;B3=1;B4=1;B5=1;B6=0;B7=1;B8=1;B9=1;
C0=0;C1=0;C2=dd_;[-102935185]attribute = 'CANCELASFREESTMT', value = '0'
[-102935185]CopyCommonAttributes:
A7=100;A8=4096;A9=0;B0=254;B1=65536;B2=1;B3=1;B4=1;B5=1;B6=0;B7=1;B8=1;B9=1;
C0=0;C1=0;C2=dd_;[-102935185]attribute = 'EXTRASYSTABLEPREFIXES', value =
'dd_'
[-102935185]CopyCommonAttributes:
A7=100;A8=4096;A9=0;B0=254;B1=65536;B2=1;B3=1;B4=1;B5=1;B6=0;B7=1;B8=1;B9=1;
C0=0;C1=0;C2=dd_[-102935185]attribute = 'COMMLOG', value = '0'
[-102935185]CopyCommonAttributes:
A7=100;A8=4096;A9=0;B0=254;B1=65536;B2=1;B3=0;B4=1;B5=1;B6=0;B7=1;B8=1;B9=1;
C0=0;C1=0;C2=dd_[-102935185]attribute = 'DEBUG', value = '0'
[-102935185]CopyCommonAttributes:
A7=100;A8=4096;A9=0;B0=254;B1=65536;B2=0;B3=0;B4=1;B5=1;B6=0;B7=1;B8=1;B9=1;
C0=0;C1=0;C2=dd_
===============

-Jason

----- Original Message -----
From: "Hiroshi Inoue" <Inoue@tpf.co.jp>
To: "pg" <pg@newhonest.com>
Cc: <pgsql-odbc@postgresql.org>
Sent: Friday, March 21, 2003 1:13 PM
Subject: Re: [ODBC] password leak in mylog thru win odbc


> pg wrote:
> >
> > I'm using Win ME. I'm trying to write a program in VB and connects to PG
> > with super-user account (or with a "connection user" with many rights).
The
> > detail user rights are embeded in the VB program for detail control, so
that
> > no one should know the connection user. Users only knows their own
password
> > for that VB program, so their password is only useful with that VB
program.
> >
> > But if a user enable the mylog in odbc, the password (pwd) shows up
there in
> > mylogxxxxx.
> >
> > What can I do to hide the password?
>
> Please try the snapshot dll at
> http://www.geocities.jp/inocchichichi/psqlodbc/ .
>
> regards,
> Hiroshi Inoue
> http://www.geocities.jp/inocchichichi/psqlodbc/
>


pgsql-odbc by date:

Previous
From: Hiroshi Inoue
Date:
Subject: Re: Problem with SQL_LONGVARBINAY
Next
From: Chris Gamache
Date:
Subject: Re: Can I do anything to prevent " auto rollback in a transaction when an error occurs "