From: | Stephen Frost <sfrost(at)snowman(dot)net> |
---|---|
To: | Steven Siebert <smsiebe(at)gmail(dot)com> |
Cc: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, pgsql-bugs <pgsql-bugs(at)postgresql(dot)org> |
Subject: | Re: BUG #10680: LDAP bind password leaks to log on failed authentication |
Date: | 2014-06-19 15:37:12 |
Message-ID: | 20140619153712.GV16098@tamriel.snowman.net |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-bugs |
* Steven Siebert (smsiebe(at)gmail(dot)com) wrote:
> There are currently three suggestions on a fix put forth already:
> 1) remove the raw line from the log entirely, just keeping the line number
> 2) log that one specific event containing the raw log at a lower log
> level (ie debug)
> 3) parse out the password and continue to log the sanitized line at
> the same "level" (all)
>
> I'm OK with the fact that the patch I provided using the first
> approach seems to be denied. Can we consider either approach 2, 3, or
> perhaps a combination or 2/3?
I actually don't really see a huge problem with 1, but I need to go
review the thread in more detail...
> I do have alternative means at my disposal (ie use flume, or something
> similar, to filter out just the log events I'm interested in and
> forward off)...but we wanted to be able to help those behind us that
> had similar concerns by fixing it at the source of the 'problem'. I
> want postgres to be unequivocally be approved software for the
> government - not conditionally based on complex usages of 3rd party
> applications to get it into an approved state.
Yeah, I tend to agree- mistakes and errors are different considerations
when it comes to auditing, etc.
Thanks,
Stephen
From | Date | Subject | |
---|---|---|---|
Next Message | Magnus Hagander | 2014-06-19 15:39:28 | Re: BUG #10680: LDAP bind password leaks to log on failed authentication |
Previous Message | Steven Siebert | 2014-06-19 15:33:01 | Re: BUG #10680: LDAP bind password leaks to log on failed authentication |