Home > mailing lists

Re: BUG #10680 - ldapbindpasswd leaks to postgresql log - Mailing list pgsql-hackers

From	Tom Lane
Subject	Re: BUG #10680 - ldapbindpasswd leaks to postgresql log
Date	June 18, 2014 05:51:00
Msg-id	25606.1403059854@sss.pgh.pa.us Whole thread Raw
In response to	BUG #10680 - ldapbindpasswd leaks to postgresql log (Steven Siebert <smsiebe@gmail.com>)
Responses	Re: BUG #10680 - ldapbindpasswd leaks to postgresql log (Magnus Hagander <magnus@hagander.net>)
List	pgsql-hackers

Tree view

Steven Siebert <smsiebe@gmail.com> writes:
> Attached is a proposed patch for BUG #10680.

> It's a simple fix to the problem of the ldapbindpasswd leaking in
> clear text to the postgresql log.  The patch simply removes the raw
> pg_hba.conf line from the log message, but retains the log line number
> to assist admins in troubleshooting.

You haven't exactly explained why this is a problem.  The proposed patch
would impede diagnosing of many other problems, so it's not going to get
committed without a thoroughly compelling rationale.

Hint: "I don't store my postmaster log securely" is not compelling.
We've been over that ground before; there are far too many reasons
why access to the postmaster log is a potential security hazard
to justify concluding that this particular one is worse.
        regards, tom lane

pgsql-hackers by date:

From: Stephen Frost
Date: 18 June 2014, 05:25:25
Subject: Re: API change advice: Passing plan invalidation info from the rewriter into the planner?

From: xbzhang
Date: 18 June 2014, 06:21:53
Subject: Re: How to implement the skip errors for copy from ?

Re: BUG #10680 - ldapbindpasswd leaks to postgresql log - Mailing list pgsql-hackers

Previous

Next