| From: | Lothar Behrens <lothar(dot)behrens(at)lollisoft(dot)de> |
|---|---|
| To: | <pgsql-odbc(at)postgresql(dot)org> <pgsql-odbc(at)postgresql(dot)org> <pgsql-odbc(at)postgresql(dot)org> |
| Subject: | Re: Insecurity of ODBC debug logging files |
| Date: | 2005-10-06 04:19:04 |
| Message-ID: | 6fa515dd201166ec1d9b916192a52fb7@lollisoft.de |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-odbc |
Am 05.10.2005 um 21:08 schrieb Dave Page:
>> But even then, a log file will frequently contain
>> sensitive data (eg, credit card numbers appearing in INSERT
>> statements).
>> Seems to me that there should also be some care taken to make the log
>> file not world-readable.
>
> I'll have a look at writing them with mode 600 on *nix. On Win9x and NT
> based systems with FAT partitions there's nothing we can do of course.
> I'd rather not make the filenames unpredicatable though as that'll make
> it difficult for us to tell users how to track down the right debug
> log.
>
Hi,
what about a special database type like sensitive or an encrypted
column type ?
If the ODBC driver comes across of such a column, it could be masked
out as well.
Regards, Lothar
> Regards, Dave.
>
> ---------------------------(end of
> broadcast)---------------------------
> TIP 1: if posting/reading through Usenet, please send an appropriate
> subscribe-nomail command to majordomo(at)postgresql(dot)org so that
> your
> message can get through to the mailing list cleanly
>
>
--
Lothar Behrens | Rapid Prototyping ...
Rosmarinstr 3 |
40235 Düsseldorf | www.lollisoft.de
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Mahesh Vyas | 2005-10-06 04:32:49 | unsubscribe |
| Previous Message | Zlatko Matić | 2005-10-05 20:33:01 | Re: [INTERFACES] [ODBC] Unbound text box, Text > 255 characters, MSAccess/PostgreSQL |