Postgres Pro
Downloads
Home   >   mailing lists

Re: BUG #10680: LDAP bind password leaks to log on failed authentication - Mailing list pgsql-bugs

From Steven Siebert
Subject Re: BUG #10680: LDAP bind password leaks to log on failed authentication
Date
Msg-id CAC3nzeidOUjEsF-dUYo_eDEMQqYMe0zWnc8RtirX8=vPoxAR5w@mail.gmail.com
Whole thread Raw
In response to Re: BUG #10680: LDAP bind password leaks to log on failed authentication  (Bruce Momjian <bruce@momjian.us>)
Responses Re: BUG #10680: LDAP bind password leaks to log on failed authentication  (Steven Siebert <smsiebe@gmail.com>)
List pgsql-bugs
Tree view 
Dropped off my radar I'm afraid, but the customer is still quite interested
in getting this fixed. What we finally worked out should be quick work,
I'll throw up a patch tonight.  Thanks for the ping!

Thanks,

S

On Sat, Oct 11, 2014 at 2:35 PM, Bruce Momjian <bruce@momjian.us> wrote:

>
> Was any progress made on this, the reporting of LDAP/RADIUS passwords in
> our server logs?
>
> ---------------------------------------------------------------------------
>
> On Mon, Jun 23, 2014 at 04:42:24PM -0400, Steven Siebert wrote:
> > Thanks Magnus =)  I'll move forward with this guidance.
> >
> >
> > On Mon, Jun 23, 2014 at 4:35 PM, Magnus Hagander <magnus@hagander.net>
> wrote:
> > > On Mon, Jun 23, 2014 at 10:26 PM, Steven Siebert <smsiebe@gmail.com>
> wrote:
> > >>
> > >> Thanks for the continued discussion on this issue.
> > >>
> > >> It seems like, generally, fixing this vulnerability is getting a green
> > >> light.
> > >>
> > >> I wouldn't mind re-working the patch for this bug if I knew the
> > >> consensus on the preferred implementation.  As I mentioned previously,
> > >> I'm new here, so how do I go about soliciting "votes" (or otherwise)
> > >> the preferred approach so that I may move forward.
> > >
> > >
> > > I think the current summary is that "option c" is the one that people
> would
> > > accept if you submit it (provided the regular caveats about it being
> > > correctly implemented etc, of course). It should of course cover other
> > > potentially sensitive fields as well (such as the radius encryption
> key).
> > >
> > > If you implement a patch for that option, I will be happy to review and
> > > apply it.
> > >
> > > --
> > >  Magnus Hagander
> > >  Me: http://www.hagander.net/
> > >  Work: http://www.redpill-linpro.com/
> >
> >
> > --
> > Sent via pgsql-bugs mailing list (pgsql-bugs@postgresql.org)
> > To make changes to your subscription:
> > http://www.postgresql.org/mailpref/pgsql-bugs
>
> --
>   Bruce Momjian  <bruce@momjian.us>        http://momjian.us
>   EnterpriseDB                             http://enterprisedb.com
>
>   + Everyone has their own god. +
>

pgsql-bugs by date:

Previous
From: Andres Freund
Date:
Subject: Re: BUG #11033: 'pg_dump -a' much slower than 'pg_dump'
Next
From: Mark Simonetti
Date:
Subject: Re: pgxml bug (crash) in xslt_proc.c