Home > mailing lists

Re: Directory/File Access Permissions for COPY and Generic File Access Functions - Mailing list pgsql-hackers

From	Jim Nasby
Subject	Re: Directory/File Access Permissions for COPY and Generic File Access Functions
Date	October 29, 2014 22:41:34
Msg-id	545142D6.7@BlueTreble.com Whole thread Raw
In response to	Re: Directory/File Access Permissions for COPY and Generic File Access Functions (Tom Lane <tgl@sss.pgh.pa.us>)
Responses	Re: Directory/File Access Permissions for COPY and Generic File Access Functions
List	pgsql-hackers

Tree view

On 10/29/14, 2:33 PM, Tom Lane wrote:
> Capture the postmaster log.  Keep on capturing it till somebody
> fat-fingers their login to the extent of swapping the username and
> password (yeah, I've done that, haven't you?).

Which begs the question: why on earth do we log passwords at all? This is a problem for ALTER ROLE too.

Perhaps it would make sense if we had a dedicated security log this stuff went into, but if you're running something
likepgBadger/pgFouine you're going to be copying logfiles off somewhere else and now you've got a security problem.

Let alone if you're using syslog...
-- 
Jim Nasby, Data Architect, Blue Treble Consulting
Data in Trouble? Get it in Treble! http://BlueTreble.com

pgsql-hackers by date:

From: Andres Freund
Date: 29 October 2014, 22:40:29
Subject: Re: WIP: Access method extendability

From: Simon Riggs
Date: 29 October 2014, 22:46:51
Subject: Re: Replication identifiers, take 3

Re: Directory/File Access Permissions for COPY and Generic File Access Functions - Mailing list pgsql-hackers

Previous

Next