#1: postgresql 8.3 logging user passwords in clear text

Posted on 2010-08-24 01:47:53 by Keith Pinnix

All:

I have a postgresql instance and I have noticed that it is logging the user
passwords in clear text in the postgresql.log. Is this configurable so that it
retains the user info and commands but does not log the password?

Keith

#2: Re: postgresql 8.3 logging user passwords in clear text

Posted on 2010-08-24 08:36:21 by Scott Marlowe

On Mon, Aug 23, 2010 at 5:47 PM, Keith Pinnix <kpinnix@yahoo.com> wrote:
> All:
>
> I have a postgresql instance and I have noticed that it is logging the user
> passwords in clear text in the postgresql.log. Is this configurable so
> that it retains the user info and commands but does not log the password?

Got some redacted log examples?

--
Sent via pgsql-admin mailing list (pgsql-admin@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-admin


#3: Re: postgresql 8.3 logging user passwords in clear text

Posted on 2010-08-24 19:04:07 by alvherre

Excerpts from Keith Pinnix's message of Mon Aug 23 19:47:53 -0400 2010:
> All:
>
> I have a postgresql instance and I have noticed that it is logging the user
> passwords in clear text in the postgresql.log. Is this configurable so that it
> retains the user info and commands but does not log the password?

In what context? If you're doing ALTER ROLE / PASSWORD with the
password in clear text, then that's obviously going to show up in the
log. The solution is to encrypt them client-side; for example use
\password in psql to change passwords, which does that automatically.

--
Álvaro Herrera <alvherre@commandprompt.com>
The PostgreSQL Company - Command Prompt, Inc.
PostgreSQL Replication, Consulting, Custom Development, 24x7 support

--
Sent via pgsql-admin mailing list (pgsql-admin@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-admin

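Álvaro's suggestion, worked through as an added example (this is not code from the thread or from the PostgreSQL project; the role name, sample password and helper names are my own). In the 8.x era psql's \password hashed the password client-side as md5(password || username), prefixed the hex digest with "md5", and sent ALTER ROLE ... ENCRYPTED PASSWORD 'md5...', so the statement that reaches the server, and therefore log_statement, carries only the hash. The block reproduces that computation and contrasts it with the clear-text form. Caveat: this is the MD5 scheme of 8.3; SCRAM-SHA-256 exists since PostgreSQL 10 and is the default password_encryption since 14, and on those servers psql's \password produces a SCRAM verifier instead, so treat the md5 format as legacy.

```python
import hashlib


def md5_password_hash(password: str, username: str) -> str:
    """Stored form of a PostgreSQL MD5 password: 'md5' + hex(md5(password || username)).

    This is the client-side computation psql's \\password performed in the 8.x
    era; the username acts as the salt, so the same password hashes differently
    for different roles."""
    digest = hashlib.md5((password + username).encode("utf-8")).hexdigest()
    return "md5" + digest


def quote_ident(name: str) -> str:
    # Double-quote an SQL identifier, doubling any embedded double quotes.
    return '"' + name.replace('"', '""') + '"'


def quote_literal(value: str) -> str:
    # Single-quote an SQL string literal, doubling any embedded single quotes.
    return "'" + value.replace("'", "''") + "'"


def naive_alter_role(username: str, password: str) -> str:
    # The clear-text form: this exact text lands in the server log under log_statement.
    return "ALTER ROLE %s PASSWORD %s;" % (quote_ident(username), quote_literal(password))


def hashed_alter_role(username: str, password: str) -> str:
    # The pre-hashed form psql's \password sends: the server only ever sees the md5 string.
    return "ALTER ROLE %s ENCRYPTED PASSWORD %s;" % (
        quote_ident(username), quote_literal(md5_password_hash(password, username)))


def exposes_password(statement: str, password: str) -> bool:
    # Crude substring check, enough to show the difference between the two forms.
    return password in statement


if __name__ == "__main__":
    user, pw = "app_user", "correct horse battery staple"  # constructed sample role/password
    for stmt in (naive_alter_role(user, pw), hashed_alter_role(user, pw)):
        print("%-6s %s" % ("LEAKS" if exposes_password(stmt, pw) else "ok", stmt))
```

The hash is deterministic, so anyone who can read the log still learns a verifier that can be replayed against the md5 auth method if they also have network access to the server; Tom's point below about protecting the log files applies to the hashed form as well.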

#4: Re: postgresql 8.3 logging user passwords in clear text

Posted on 2010-08-24 21:01:51 by Scott Marlowe

On Tue, Aug 24, 2010 at 12:20 PM, Keith Pinnix <kpinnix@yahoo.com> wrote:
> Scott:
>
> The entries are from dblink something like below:
>
>  SELECT * FROM dblink('dbname=XXXXXX  host=XXXXXX port=XXX  user=XXXXX
> password=XXXXXXX ',
>
> We use this feature quite a bit and this presents quite a security issue.
> We are currently using 8.3.

You could set up those machines to connect via trust. But yeah,
dblink otherwise has passwords in the connect string.

--
Sent via pgsql-admin mailing list (pgsql-admin@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-admin


#5: Re: postgresql 8.3 logging user passwords in clear text

Posted on 2010-08-24 21:40:35 by Tom Lane

Scott Marlowe <scott.marlowe@gmail.com> writes:
> On Tue, Aug 24, 2010 at 12:20 PM, Keith Pinnix <kpinnix@yahoo.com> wrote:
>> The entries are from dblink something like below:
>>  SELECT * FROM dblink('dbname=XXXXXX  host=XXXXXX port=XXX  user=XXXXX
>> password=XXXXXXX ',

> You could set up those machines to connect via trust. But yeah,
> dblink otherwise has passwords in the connect string.

Actually, the general opinion on this is that the postmaster log files
have to be protected because they might contain sensitive data;
*especially* so if you're enabling log_statements, but even without
that. dblink passwords are just one small manifestation of the general
problem. As an example, you might be inserting customers' credit card
numbers or some such into your tables. Even if the log_statement
mechanism understood that it should hide passwords, it's hardly likely
to know that specific bits of ordinary data have security implications.

IOW: you're trying to fix this in the wrong place. Secure your
logfiles, don't imagine that you can prevent there being any sensitive
info in them.

regards, tom lane

--
Sent via pgsql-admin mailing list (pgsql-admin@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-admin

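Tom's argument, illustrated with an added example that is not part of the thread: a pattern-based redactor run over constructed log lines in the shape Keith described (the host names, role names, passwords and the card number are all made up). It masks the password in libpq conninfo strings such as dblink's first argument and, going beyond what the thread shows, in postgresql:// URIs. The third sample line is the limit Tom describes: a card number inserted as ordinary data passes through untouched, because no pattern knows it is sensitive. If a filter like this is used at all, it belongs between the permission-protected log directory and wherever the logs are shipped, as a complement to securing the files, not as a substitute.

```python
import re

# libpq conninfo syntax: whitespace-separated key=value pairs; the value is either
# unquoted (runs to the next whitespace) or single-quoted with backslash escapes,
# and keys are case-insensitive.  The unquoted branch also stops at a single quote
# so the closing quote of the enclosing SQL literal is not swallowed.
_CONNINFO_PASSWORD = re.compile(
    r"(\bpassword\s*=\s*)('(?:\\.|[^'\\])*'|[^\s']+)", re.IGNORECASE)

# libpq URI form, postgresql://user:password@host/db.  Goes beyond the thread,
# which only shows the key=value form.
_URI_PASSWORD = re.compile(r"(://[^:/@\s]+:)([^@\s]*)(@)")

MASK = "***"


def redact_line(line: str) -> str:
    """Mask the password in any libpq connection string found in one log line."""
    line = _CONNINFO_PASSWORD.sub(r"\g<1>" + MASK, line)
    line = _URI_PASSWORD.sub(r"\g<1>" + MASK + r"\g<3>", line)
    return line


def redact_log(lines):
    return [redact_line(line) for line in lines]


# Constructed sample log lines (not real log output) in the shape Keith described.
SAMPLE_LOG = [
    "LOG:  statement: SELECT * FROM dblink('dbname=sales host=db2 port=5432 user=app password=s3cr3t ', 'SELECT 1') AS t(x int);",
    "LOG:  statement: SELECT dblink_connect('c1', 'postgresql://app:hunter2@db2/sales');",
    "LOG:  statement: INSERT INTO orders(customer_id, card_number) VALUES (42, '4111111111111111');",
]

if __name__ == "__main__":
    for before, after in zip(SAMPLE_LOG, redact_log(SAMPLE_LOG)):
        print(("redacted  " if before != after else "unchanged ") + after)
```

The first two lines come out with `password=***` and `://app:***@`; the INSERT is returned unchanged, which is exactly why this is a second line of defence and the log files themselves still need restrictive ownership and permissions.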