Insecurity of ODBC debug logging files - Mailing list pgsql-odbc

From Tom Lane
Subject Insecurity of ODBC debug logging files
Date
Msg-id 846.1128534603@sss.pgh.pa.us
Whole thread Raw
List pgsql-odbc
I have a gripe here:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=154126
about the fact that ODBC is willing to store passwords into debug log
files that aren't secure.  Anyone want to do something about it?

Offhand it seems like simply omitting the password from the log wouldn't
be a bad idea.  But even then, a log file will frequently contain
sensitive data (eg, credit card numbers appearing in INSERT statements).
Seems to me that there should also be some care taken to make the log
file not world-readable.

            regards, tom lane

pgsql-odbc by date:

Previous
From: "Dave Page"
Date:
Subject: Re: Just as an FYI We are up solid now on pgsql libpq version
Next
From: Tom Lane
Date:
Subject: Re: Just as an FYI We are up solid now on pgsql libpq version