#1: postgresql 8.3 logging user passwords in clear text
Posted on 2010-08-24 01:47:53 by Keith Pinnix
All:
I have a postgresql instance and I have noticed that it is logging the user
passwords in clear text in the postgresql.log. Is this configurable so that it
retains the user info and commands but does not log the password?
Keith
#2: Re: postgresql 8.3 logging user passwords in clear text
Posted on 2010-08-24 08:36:21 by Scott Marlowe
On Mon, Aug 23, 2010 at 5:47 PM, Keith Pinnix <kpinnix@yahoo.com> wrote:
> All:
>
> I have a postgresql instance and I have noticed that it is logging the user
> passwords in clear text in the postgresql.log. Is this configurable so
> that it retains the user info and commands but does not log the password?
Got some redacted log examples?
--
Sent via pgsql-admin mailing list (pgsql-admin@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-admin
#3: Re: postgresql 8.3 logging user passwords in clear text
Posted on 2010-08-24 19:04:07 by alvherre
Excerpts from Keith Pinnix's message of lun ago 23 19:47:53 -0400 2010:
> All:
>
> I have a postgresql instance and I have noticed that it is logging the user
> passwords in clear text in the postgresql.log. Is this configurable so that it
> retains the user info and commands but does not log the password?
In what context? If you're doing ALTER ROLE / PASSWORD with the
password in clear text, then that's obviously going to show up in the
log. The solution is to encrypt them client-side; for example use
\password in psql to change passwords, which does that automatically.
--
Álvaro Herrera <alvherre@commandprompt.com>
The PostgreSQL Company - Command Prompt, Inc.
PostgreSQL Replication, Consulting, Custom Development, 24x7 support
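The client-side encryption Álvaro describes is worth seeing concretely. The following is an added example, not code from the thread or from PostgreSQL itself: it reproduces what psql's \password did against an 8.3 server, where the only stored form was `md5` followed by the MD5 of the password concatenated with the role name (SCRAM only arrived in PostgreSQL 10). The role and password values are constructed. It builds the ALTER ROLE statement with the hash already computed, so log_statement records the hashed form rather than the clear-text password, and contrasts that with the clear-text statement that leaks.

```python
import hashlib


def md5_role_password(password: str, username: str) -> str:
    """Return the stored form an 8.3 server uses for md5 passwords:
    the literal prefix 'md5' plus hex(MD5(password || role name)).
    This is the same computation psql's \password performs client-side
    before it sends ALTER ROLE, so the server never sees the clear text."""
    digest = hashlib.md5((password + username).encode("utf-8")).hexdigest()
    return "md5" + digest


def quote_ident(name: str) -> str:
    """Double-quote a role name as an SQL identifier."""
    return '"' + name.replace('"', '""') + '"'


def quote_literal(value: str) -> str:
    """Single-quote a string as an SQL literal."""
    return "'" + value.replace("'", "''") + "'"


def alter_role_statement(username: str, password: str) -> str:
    """The statement to send: the hash is computed here, so what reaches the
    server (and therefore the statement log) contains no clear-text password."""
    hashed = md5_role_password(password, username)
    return f"ALTER ROLE {quote_ident(username)} PASSWORD {quote_literal(hashed)}"


def plaintext_statement(username: str, password: str) -> str:
    """The form the original poster was presumably running: the server hashes
    it on receipt, but log_statement has already recorded the clear text."""
    return f"ALTER ROLE {quote_ident(username)} PASSWORD {quote_literal(password)}"


def statement_leaks(statement: str, password: str) -> bool:
    """True if the clear-text password appears verbatim in the statement text,
    i.e. in what a statement log would capture."""
    return password in statement


if __name__ == "__main__":
    # Constructed role and password, used only for illustration.
    user, secret = "alice", "correct horse battery staple"
    for label, stmt in (("clear text", plaintext_statement(user, secret)),
                        ("hashed client-side", alter_role_statement(user, secret))):
        print(f"{label:>20}: {stmt}  (leaks: {statement_leaks(stmt, secret)})")
```

One caveat that Tom's later reply makes explicit: under md5 authentication the stored hash is itself enough to authenticate as that role, so the hashed statement is still secret material and the log file still needs restrictive permissions; client-side hashing removes the clear text from the log, not the need to protect the log.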
#4: Re: postgresql 8.3 logging user passwords in clear text
Posted on 2010-08-24 21:01:51 by Scott Marlowe
On Tue, Aug 24, 2010 at 12:20 PM, Keith Pinnix <kpinnix@yahoo.com> wrote:
> Scott:
>
> The entries are from dblink something like below:
>
> SELECT * FROM dblink('dbname=XXXXXX host=XXXXXX port=XXX user=XXXXX
> password=XXXXXXX ',
>
> We use this feature quite a bit and this presents quite a security issue.
> We are currently using 8.3.
You could set up those machines to connect via trust. But yeah,
dblink otherwise has passwords in the connect string.
#5: Re: postgresql 8.3 logging user passwords in clear text
Posted on 2010-08-24 21:40:35 by Tom Lane
Scott Marlowe <scott.marlowe@gmail.com> writes:
> On Tue, Aug 24, 2010 at 12:20 PM, Keith Pinnix <kpinnix@yahoo.com> wrote:
>> The entries are from dblink something like below:
>> SELECT * FROM dblink('dbname=XXXXXX host=XXXXXX port=XXX user=XXXXX
>> password=XXXXXXX ',
> You could set up those machines to connect via trust. But yeah,
> dblink otherwise has passwords in the connect string.
Actually, the general opinion on this is that the postmaster log files
have to be protected because they might contain sensitive data;
*especially* so if you're enabling log_statements, but even without
that. dblink passwords are just one small manifestation of the general
problem. As an example, you might be inserting customers' credit card
numbers or some such into your tables. Even if the log_statement
mechanism understood that it should hide passwords, it's hardly likely
to know that specific bits of ordinary data have security implications.
IOW: you're trying to fix this in the wrong place. Secure your
logfiles, don't imagine that you can prevent there being any sensitive
info in them.
regards, tom lane
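Tom's point is that the log must be treated as sensitive regardless, and Scott's is that dblink connect strings are one known place passwords land in it. The following added example (not code from the thread or from PostgreSQL) puts both into a check a DBA can run over a statement log: it scans constructed postgresql.log lines for the two password patterns the thread mentions, a libpq `password=` keyword inside a dblink connect string and the literal in `ALTER ROLE ... PASSWORD '...'`, redacts them, and checks the log file's permission bits. The sample lines, role names, hosts and passwords are all constructed. The fourth sample line carries a card number and is deliberately not caught, which is exactly the limitation Tom describes.

```python
import os
import re
import stat

# Constructed sample lines in the shape log_statement = 'all' produces;
# every name, host and secret here is made up for the example.
SAMPLE_LINES = [
    "LOG:  statement: SELECT * FROM dblink('dbname=sales host=db2.example.internal "
    "port=5432 user=app password=hunter2', 'SELECT 1') AS t(x int)",
    "LOG:  statement: ALTER ROLE app PASSWORD 'hunter2'",
    "LOG:  statement: ALTER ROLE app ENCRYPTED PASSWORD 'md5d41d8cd98f00b204e9800998ecf8427e'",
    "LOG:  statement: INSERT INTO orders (customer, card_number) VALUES ('acme', '4111111111111111')",
]

# Pattern 1: the libpq connection-string keyword, as dblink and psql accept it
# (a quoted value or a bare token ending at whitespace, a quote or a paren).
CONNSTR_PASSWORD = re.compile(r"(?i)\bpassword\s*=\s*(?:'(?:[^'\\]|\\.)*'|[^\s'\)]+)")
# Pattern 2: the SQL literal in CREATE/ALTER ROLE ... [ENCRYPTED] PASSWORD '...'.
# The md5 form is matched too: under md5 auth it is authentication-equivalent.
SQL_PASSWORD = re.compile(r"(?i)\bPASSWORD\s+'(?:[^']|'')*'")


def find_secrets(line: str) -> list:
    """Return (kind, matched_text) for every password the patterns recognise."""
    hits = []
    for kind, pattern in (("connstr", CONNSTR_PASSWORD), ("sql", SQL_PASSWORD)):
        for m in pattern.finditer(line):
            hits.append((kind, m.group(0)))
    return hits


def redact(line: str) -> str:
    """Replace recognised password values so the line can be shared or archived."""
    line = CONNSTR_PASSWORD.sub("password=[REDACTED]", line)
    return SQL_PASSWORD.sub("PASSWORD '[REDACTED]'", line)


def scan(lines) -> list:
    """(1-based line number, kind) for each hit across a log; use it to find
    which statements are putting passwords into the log in the first place."""
    return [(i, kind) for i, line in enumerate(lines, 1) for kind, _ in find_secrets(line)]


def is_group_or_world_readable(mode: int) -> bool:
    """True if the permission bits grant read access beyond the owner."""
    return bool(mode & (stat.S_IRGRP | stat.S_IROTH))


def log_file_is_private(path: str) -> bool:
    """Tom's actual recommendation: the log file itself should be owner-only."""
    return not is_group_or_world_readable(os.stat(path).st_mode)


if __name__ == "__main__":
    for lineno, kind in scan(SAMPLE_LINES):
        print(f"line {lineno}: {kind} password present")
    for line in SAMPLE_LINES:
        print(redact(line))
    # e.g. log_file_is_private("/var/lib/pgsql/data/pg_log/postgresql.log")
    # against a real installation's log path (placeholder path).
```

The scan is for finding and cleaning up, not a substitute for protecting the file: as the fourth sample line shows, ordinary column data has no marker a regex could key on. For the dblink case specifically, keeping the password out of the connect string altogether (for example via a libpq password file, `~/.pgpass` of the OS account the server runs as) keeps it out of the statement log as a side effect.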