Deletion DB leave clear password on server log
Bug #729034 reported by
Nicola Riolini - Micronaet
This bug affects 2 people
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Odoo Server (MOVED TO GITHUB) |
Triaged
|
Wishlist
|
OpenERP's Framework R&D |
Bug Description
I recently read a bug that where correct about clear password during creation, I see that in deletion there is the same problem (not a bug but a possibly privacy leak)
Thanks
[2011-03-04 13:17:02,207][?] INFO:db.
Changed in openobject-server: | |
assignee: | nobody → OpenERP's Framework R&D (openerp-dev-framework) |
importance: | Undecided → Wishlist |
status: | New → Triaged |
To post a comment you must log in.
On Friday 04 March 2011, you wrote:
> Public bug reported:
>
> I recently read a bug that where correct about clear password during
> creation, I see that in deletion there is the same problem (not a bug but
> a possibly privacy leak) Thanks
Let me repeat for a Nth time that setting a database password for postgres is
a bad idea right from the start: the password, if set, will be accessible to
the openerp-server, and, therefore any process that runs as that user. Why not
use the "trust" or "ident" authentication instead (which relies, too, to the
unix uid) ?