Comment 1 for bug 854785

xrg (xrg) wrote : Re: [Bug 854785] [NEW] [TRUNK] When you delete a DB psql password is printed on log

On Tuesday 20 September 2011, you wrote:
> *** This bug is a security vulnerability ***
>
> Private security bug reported:
>
> This is a real big security issue, this information NEVER should go to
> log.
>
> The server is printing:
> db.connection_pool:ConnectionPool(used=0/count=0/max=64): Close all
> connections to 'port=5434 user=DBUSER password=PASSWORD dbname=tr3'
>

Well, it is not critical IMHO..

In terms of security, you shouldn't have used a password (alone) as a means of
authenticating to the postgres database.

The reason is that this password is unconditionally accessible by the user
running the openerp server. That is, any module, any Python eval()'ed snippet
could read this password and send it out. The fact that one log file, also
belonging to the same user, contains that password, is no less secure than
"openerp-server.conf" itself.

Moreover, this information is only logged when pooler is at 'debug' log-level.
This means that the admin of the system wishes to log too much information,
which shouldn't happen on a production machine anyway.

Therefore, I'd like to reduce the severity of this bug.
Yes, I agree that no password should be logged in plaintext, but this one is
not our weak point.
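
Added example, not part of the comment above and not code from the OpenERP code base: one way to keep the password out of the log at any log level is a `logging.Filter` that masks the `password=` value of a libpq keyword/value connection string before a handler writes it. The names `redact_dsn`, `DsnRedactingFilter`, `demo` and the logger name are assumptions, and the DSN is a constructed sample shaped like the one in the report.

```python
import logging
import re

# libpq keyword/value DSN: password=secret or password='se cret\'s'
# (single-quoted values may contain spaces and backslash-escaped quotes).
_DSN_PASSWORD = re.compile(
    r"""(password\s*=\s*)(?:'(?:\\.|[^'\\])*'|[^\s']+)""",
    re.IGNORECASE,
)
MASK = "***"


def redact_dsn(text):
    """Return text with every libpq password value replaced by MASK."""
    return _DSN_PASSWORD.sub(lambda m: m.group(1) + MASK, text)


class DsnRedactingFilter(logging.Filter):
    """Scrub DSN passwords from a record before the handler formats it."""

    def filter(self, record):
        # Render msg % args first, so a DSN passed as an argument is covered.
        record.msg = redact_dsn(record.getMessage())
        record.args = None
        return True


def demo():
    """Log a line like the one in the report through the filter."""
    captured = []

    class ListHandler(logging.Handler):
        def emit(self, record):
            captured.append(self.format(record))

    log = logging.getLogger("db.connection_pool.demo")  # hypothetical name
    log.setLevel(logging.DEBUG)
    log.propagate = False
    handler = ListHandler()
    handler.addFilter(DsnRedactingFilter())
    log.handlers = [handler]
    # Constructed sample DSN, shaped like the one quoted in the report.
    dsn = "port=5434 user=DBUSER password=PASSWORD dbname=tr3"
    log.debug("Close all connections to %r", dsn)
    return captured


if __name__ == "__main__":
    print(demo()[0])
```

The filter is attached to the handler rather than the logger, so it also covers records that reach the handler from child loggers.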