From: | Greg Sabino Mullane <htamfids(at)gmail(dot)com> |
---|---|
To: | Indrajeeth Deshmukh <bkindrajeeth(at)gmail(dot)com> |
Cc: | David Rowley <dgrowleyml(at)gmail(dot)com>, pgsql-bugs(at)lists(dot)postgresql(dot)org |
Subject: | Re: BUG #18817: Security Bug Report: Plaintext Password Exposure in Logs |
Date: | 2025-02-18 14:38:38 |
Message-ID: | CAKAnmmJq_pfPw8xaZV8vBwXXb8nZdy12zULL7W560F9VZ+7RVQ@mail.gmail.com |
Lists: | pgsql-bugs |
On Tue, Feb 18, 2025 at 9:17 AM Indrajeeth Deshmukh <bkindrajeeth(at)gmail(dot)com>
wrote:
> Thanks for sharing the details. It looks like a valid issue and has not
> been resolved yet. Currently, the solution is keeping the file
> secure, but when it comes to SIEM monitoring, it will be a major concern.
> Any thoughts on this?
>
Other solutions:
1. Use Kerberos
2. Disallow password creation and altering, except via psql \password or
similar methods.
3. Disable logging when you are about to attempt a password change
--
Cheers,
Greg
--
Crunchy Data - https://www.crunchydata.com
Enterprise Postgres Software Products & Tech Support
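
Added example, not part of Greg's message or of PostgreSQL's code: psql's \password hashes the new password on the client before it sends ALTER ROLE, so the server log only ever sees a verifier, and the sketch below does the same derivation for a "similar method" under option 2. It assumes the server uses scram-sha-256 and an ASCII password (SASLprep is skipped); the function names, role and password are constructed for illustration.

```python
import base64
import hashlib
import hmac
import os
import re

# Layout of a stored verifier: SCRAM-SHA-256$<iterations>:<salt>$<StoredKey>:<ServerKey>
VERIFIER_RE = re.compile(
    r"^SCRAM-SHA-256\$(\d+):([A-Za-z0-9+/=]+)\$([A-Za-z0-9+/=]+):([A-Za-z0-9+/=]+)$"
)


def scram_sha256_verifier(password, salt=None, iterations=4096):
    """Derive the verifier on the client (RFC 5802 key derivation).

    Assumption: ASCII password, so SASLprep normalization is skipped.
    """
    salt = os.urandom(16) if salt is None else salt
    salted = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    client_key = hmac.new(salted, b"Client Key", hashlib.sha256).digest()
    stored_key = hashlib.sha256(client_key).digest()
    server_key = hmac.new(salted, b"Server Key", hashlib.sha256).digest()
    enc = lambda raw: base64.b64encode(raw).decode("ascii")
    return f"SCRAM-SHA-256${iterations}:{enc(salt)}${enc(stored_key)}:{enc(server_key)}"


def alter_role_statement(role, password, salt=None):
    """Statement text the server (and its log) would see: verifier only."""
    quoted_role = '"' + role.replace('"', '""') + '"'
    # The verifier alphabet contains no quote or backslash, so the literal is safe.
    return f"ALTER ROLE {quoted_role} PASSWORD '{scram_sha256_verifier(password, salt)}'"


def verifier_matches(password, verifier):
    """Recompute the verifier with its own salt and iteration count and compare."""
    m = VERIFIER_RE.match(verifier)
    if m is None:
        return False
    candidate = scram_sha256_verifier(password, base64.b64decode(m.group(2)), int(m.group(1)))
    return hmac.compare_digest(candidate, verifier)


if __name__ == "__main__":
    # Constructed sample role and password, for illustration only.
    print(alter_role_statement("app_user", "correct horse battery staple"))
```

A logged ALTER ROLE whose password literal does not match `VERIFIER_RE` (or the older `md5` form) is a sign that a plaintext password was sent to the server.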