From: | Magnus Hagander <magnus(at)hagander(dot)net> |
---|---|
To: | Stephen Frost <sfrost(at)snowman(dot)net> |
Cc: | Steven Siebert <smsiebe(at)gmail(dot)com>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, pgsql-bugs <pgsql-bugs(at)postgresql(dot)org> |
Subject: | Re: BUG #10680: LDAP bind password leaks to log on failed authentication |
Date: | 2014-06-19 15:39:28 |
Message-ID: | CABUevEzTfNTMF3F1hTyK1Lhq+2dt4fdCSyCrRF=BVgckf6y8ng@mail.gmail.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-bugs |
On Thu, Jun 19, 2014 at 5:37 PM, Stephen Frost <sfrost(at)snowman(dot)net> wrote:
> * Steven Siebert (smsiebe(at)gmail(dot)com) wrote:
> > There are currently three suggestions on a fix put forth already:
> > 1) remove the raw line from the log entirely, just keeping the line
> number
> > 2) log that one specific event containing the raw log at a lower log
> > level (ie debug)
> > 3) parse out the password and continue to log the sanitized line at
> > the same "level" (all)
> >
> > I'm OK with the fact that the patch I provided using the first
> > approach seems to be denied. Can we consider either approach 2, 3, or
> > perhaps a combination or 2/3?
>
> I actually don't really see a huge problem with 1, but I need to go
> review the thread in more detail...
>
The reason the raw line was added in the first place was debugging cases
where the running pg_hba.conf might not be the same as the one in the
filesystem - either because of a reload not being done, or a reload of a
broken file.
I think 3 is a good option of these, assuming we can do it in a reasonably
good way.
--
Magnus Hagander
Me: http://www.hagander.net/
Work: http://www.redpill-linpro.com/
From | Date | Subject | |
---|---|---|---|
Next Message | Stephen Frost | 2014-06-19 16:09:01 | Re: BUG #10680: LDAP bind password leaks to log on failed authentication |
Previous Message | Stephen Frost | 2014-06-19 15:37:12 | Re: BUG #10680: LDAP bind password leaks to log on failed authentication |