Home > mailing lists

Security of ODBC debug log file leaves something to be desired - Mailing list pgsql-odbc

From	Tom Lane
Subject	Security of ODBC debug log file leaves something to be desired
Date	April 8, 2005 07:00:37
Msg-id	24444.1112929224@sss.pgh.pa.us Whole thread Raw
Responses	Re: Security of ODBC debug log file leaves something to be desired
List	pgsql-odbc

Tree view

I got a complaint here
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=154126
pointing out that when you set debug=1, the generated log file
is world-readable by default, which doesn't seem like a good
idea when it may contain your password.  Also, since the name
of the file is pretty predictable, there is an opportunity
for a symlink redirection attack (though I doubt anything
really interesting could be accomplished that way).

Any thoughts about fixing this?  It's hard to believe no one
has pointed it out before, so I was wondering if there was some
good reason for doing it like this.

            regards, tom lane

pgsql-odbc by date:

From: "Philippe Lang"
Date: 06 April 2005, 13:03:30
Subject: MS Access & ODBC driver & Postgresql 8.01

From: Mischa Sandberg
Date: 08 April 2005, 09:24:59
Subject: Re: Security of ODBC debug log file leaves something to be desired

Security of ODBC debug log file leaves something to be desired - Mailing list pgsql-odbc

Previous

Next