Insecurity of ODBC debug logging files

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: pgsql-odbc(at)postgresql(dot)org
Subject: Insecurity of ODBC debug logging files
Date: 2005-10-05 17:50:03
Message-ID: 846.1128534603@sss.pgh.pa.us
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-odbc

I have a gripe here:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=154126
about the fact that ODBC is willing to store passwords into debug log
files that aren't secure. Anyone want to do something about it?

Offhand it seems like simply omitting the password from the log wouldn't
be a bad idea. But even then, a log file will frequently contain
sensitive data (eg, credit card numbers appearing in INSERT statements).
Seems to me that there should also be some care taken to make the log
file not world-readable.

regards, tom lane

Browse pgsql-odbc by date

  From Date Subject
Next Message Tom Lane 2005-10-05 17:55:14 Re: Just as an FYI We are up solid now on pgsql libpq version
Previous Message Dave Page 2005-10-05 07:31:32 Re: Just as an FYI We are up solid now on pgsql libpq version