Re: password leak in mylog thru win odbc

Hi Dave,

Here is part of the mylogxxx with md5 in pg_hba.conf (user : test1, password
: test 1 from pgadmin2) :

==========
[-892929]globals.extra_systable_prefixes = 'dd_;'
[-892929][SQLAllocEnv][-892929]**** in PGAPI_AllocEnv **
[-892929]** exit PGAPI_AllocEnv: phenv = 72945392 **
[-892929][SQLAllocConnect][-892929]PGAPI_AllocConnect: entering...
[-892929]**** PGAPI_AllocConnect: henv = 72945392, conn = 71844416
[-892929]EN_add_connection: self = 72945392, conn = 71844416
[-892929] added at i =0, conn->henv = 72945392, conns[i]->henv =
72945392
[-892929][SQLGetInfo][-892929]PGAPI_GetInfo: entering...fInfoType=77
[-892929]PGAPI_GetInfo: p='02.50', len=0, value=0, cbMax=12
[-892929][SQLSetConnectionOption][-892929]PGAPI_SetConnectOption: entering
fOption = 103 vParam = 15
[-892929][SQLDriverConnect][-892929]PGAPI_DriverConnect: entering...
[-892929]**** PGAPI_DriverConnect: fDriverCompletion=0,
connStrIn='DRIVER={PostgreSQL};UID=test1;PWD=test1;SERVER=192.168.1.103;PORT
=5432;DATABASE=template1;READONLY=0;PROTOCOL=6.4;FAKEOIDINDEX=0;SHOWOIDCOLUM
N=0;ROWVERSIONING=0;SHOWSYSTEMTABLES=0;CONNSETTINGS=;FETCH=100;SOCKET=4096;U
NKNOWNSIZES=0;MAXVARCHARSIZE=254;MAXLONGVARCHARSIZE=65536;OPTIMIZER=1;KSQO=1
;USEDECLAREFETCH=0;TEXTASLONGVARCHAR=1;UNKNOWNSASLONGVARCHAR=1;BOOLSASCHAR=1
;PARSE=0;CANCELASFREESTMT=0;EXTRASYSTABLEPREFIXES=dd_;COMMLOG=0;DEBUG=0;'
[-892929]our_connect_string =
'DRIVER={PostgreSQL};UID=test1;PWD=test1;SERVER=192.168.1.103;PORT=5432;DATA
BASE=template1;READONLY=0;PROTOCOL=6.4;FAKEOIDINDEX=0;SHOWOIDCOLUMN=0;ROWVER
SIONING=0;SHOWSYSTEMTABLES=0;CONNSETTINGS=;FETCH=100;SOCKET=4096;UNKNOWNSIZE
S=0;MAXVARCHARSIZE=254;MAXLONGVARCHARSIZE=65536;OPTIMIZER=1;KSQO=1;USEDECLAR
EFETCH=0;TEXTASLONGVARCHAR=1;UNKNOWNSASLONGVARCHAR=1;BOOLSASCHAR=1;PARSE=0;C
ANCELASFREESTMT=0;EXTRASYSTABLEPREFIXES=dd_;COMMLOG=0;DEBUG=0;'
[-892929]attribute = 'DRIVER', value = '{PostgreSQL}'
[-892929]copyAttributes:
DSN='',server='',dbase='',user='',passwd='',port='',onlyread='',protocol='',
conn_settings='',disallow_premature=-1)
[-892929]attribute = 'UID', value = 'test1'
[-892929]copyAttributes:
DSN='',server='',dbase='',user='test1',passwd='',port='',onlyread='',protoco
l='',conn_settings='',disallow_premature=-1)
[-892929]attribute = 'PWD', value = 'test1'
.....
=================

-Jason

----- Original Message -----
From: "Dave Page" <dpage(at)vale-housing(dot)co(dot)uk>
To: "pg" <pg(at)newhonest(dot)com>; <pgsql-odbc(at)postgresql(dot)org>
Sent: Friday, March 21, 2003 5:37 AM
Subject: Re: [ODBC] password leak in mylog thru win odbc

>
>
> > -----Original Message-----
> > From: pg [mailto:pg(at)newhonest(dot)com]
> > Sent: 19 March 2003 06:22
> > To: pgsql-odbc(at)postgresql(dot)org
> > Subject: [ODBC] password leak in mylog thru win odbc
> >
> > But if a user enable the mylog in odbc, the password (pwd)
> > shows up there in mylogxxxxx.
> >
> > What can I do to hide the password?
>
> Hi Jason,
>
> If you use MD5 password authentication, does it still save the password
> in the log, or the MD5 hash? If the latter, is that secure enough for
> you, or might your users make use of it?
>
> Regards, Dave.
>
>
> ---------------------------(end of broadcast)---------------------------
> TIP 5: Have you checked our extensive FAQ?
>
> http://www.postgresql.org/docs/faqs/FAQ.html
>