Re: postgresql 8.3 logging user passwords in clear text

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Scott Marlowe <scott(dot)marlowe(at)gmail(dot)com>
Cc: Keith Pinnix <kpinnix(at)yahoo(dot)com>, pgsql-admin(at)postgresql(dot)org
Subject: Re: postgresql 8.3 logging user passwords in clear text
Date: 2010-08-24 19:40:35
Message-ID: 3753.1282678835@sss.pgh.pa.us
Lists: pgsql-admin

Scott Marlowe <scott(dot)marlowe(at)gmail(dot)com> writes:
> On Tue, Aug 24, 2010 at 12:20 PM, Keith Pinnix <kpinnix(at)yahoo(dot)com> wrote:
>> The entries are from dblink something like below:
>> SELECT * FROM dblink('dbname=XXXXXX host=XXXXXX port=XXX user=XXXXX
>> password=XXXXXXX ',

> You could set up those machines to connect via trust. But yeah,
> dblink otherwise has passwords in the connect string.

Actually, the general opinion on this is that the postmaster log files
have to be protected because they might contain sensitive data;
*especially* so if you're enabling log_statements, but even without
that. dblink passwords are just one small manifestation of the general
problem. As an example, you might be inserting customers' credit card
numbers or some such into your tables. Even if the log_statement
mechanism understood that it should hide passwords, it's hardly likely
to know that specific bits of ordinary data have security implications.

IOW: you're trying to fix this in the wrong place. Secure your
logfiles, don't imagine that you can prevent there being any sensitive
info in them.

regards, tom lane
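
One way to check the "secure your logfiles" advice above, as an added example that is not part of the original message: a Python audit that walks a server log directory and reports anything accessible to accounts other than the owner. The function name and the default assumption that the directory's owner is the server account are illustrative.

```python
import os
import stat
import sys

# Any of these permission bits gives group or other accounts access.
NON_OWNER_BITS = stat.S_IRWXG | stat.S_IRWXO  # 0o077


def audit_log_dir(log_dir, expected_uid=None):
    """Return sorted (path, problem) findings for log_dir and everything under it."""
    if expected_uid is None:
        # Assumption: the log directory is owned by the account the server runs as.
        expected_uid = os.lstat(log_dir).st_uid
    findings = []

    def check(path):
        st = os.lstat(path)  # lstat: never follow a link out of the log directory
        if stat.S_ISLNK(st.st_mode):
            findings.append((path, "symlink; audit the target separately"))
            return
        if st.st_uid != expected_uid:
            findings.append((path, f"owned by uid {st.st_uid}, expected {expected_uid}"))
        mode = stat.S_IMODE(st.st_mode)
        if mode & NON_OWNER_BITS:
            findings.append((path, f"mode {mode:04o} grants group/other access"))

    check(log_dir)
    # os.walk does not descend into symlinked directories by default.
    for root, dirs, files in os.walk(log_dir):
        for name in dirs + files:
            check(os.path.join(root, name))
    return sorted(findings)


if __name__ == "__main__":
    # Usage: python audit_logs.py /path/to/log/directory
    results = audit_log_dir(sys.argv[1])
    for path, problem in results:
        print(f"{path}: {problem}")
    sys.exit(1 if results else 0)
```

A non-zero exit status means at least one finding, so the script can run from cron or a monitoring check.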
