Re: BUG #10680: LDAP bind password leaks to log on failed authentication

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Steven Siebert <smsiebe(at)gmail(dot)com>
Cc: Bruce Momjian <bruce(at)momjian(dot)us>, Magnus Hagander <magnus(at)hagander(dot)net>, Stephen Frost <sfrost(at)snowman(dot)net>, pgsql-bugs <pgsql-bugs(at)postgresql(dot)org>
Subject: Re: BUG #10680: LDAP bind password leaks to log on failed authentication
Date: 2014-10-19 20:14:29
Message-ID: 28196.1413749669@sss.pgh.pa.us
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-bugs

Steven Siebert <smsiebe(at)gmail(dot)com> writes:
> I haven't heard a anything after my response to Toms email on 12Oct, is
> there anything I can do to move the forward on this? It's actually fine
> with me if it's preferred to close the issue as won't fixed if the group
> wants to go another direction...

Well, Stephen was proposing that we make it possible to push all secrets
into separate files (one file per secret), which would allow DBAs to
eliminate the problem as long as they were willing to set up such files.
I'm not entirely sold on that reasoning, because I'm doubtful that people
would bother; but if you care to look into what that would involve, it
would help move the discussion forward.

regards, tom lane

In response to

Responses

Browse pgsql-bugs by date

  From Date Subject
Next Message chenhj 2014-10-20 06:01:03 32 bit libpq fail to connecting when set a very large "connect_timeout" value
Previous Message marko 2014-10-19 00:37:36 BUG #11712: Empty string as error message from libpq