Re: BUG #10680: LDAP bind password leaks to log on failed authentication

From Stephen Frost
Subject Re: BUG #10680: LDAP bind password leaks to log on failed authentication
Msg-id 20140619124432.GP16098@tamriel.snowman.net
In reply to BUG #10680: LDAP bind password leaks to log on failed authentication  (smsiebe@gmail.com)
Responses Re: BUG #10680: LDAP bind password leaks to log on failed authentication  (Steven Siebert <smsiebe@gmail.com>)
List pgsql-bugs

Greetings,

* smsiebe@gmail.com (smsiebe@gmail.com) wrote:
> When a user fails to login when the LDAP method is used, the ldapbindpasswd
> (in plain text) is leaked to the log, even when the log level is set to
> warning.

If you don't want the server to see the user's password, don't use LDAP
authentication.  A much better approach is Kerberos or client-side SSL
certificates.

There may be something which is done to improve the specific case
mentioned here (or perhaps not..), but if LDAP is used then the PG
server will see the user's password because that's how that
authentication system works.

    Thanks,

        Stephen
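
For operators checking whether the leak described in the quoted report has already reached their logs, the following is an added example, not part of the original message or of PostgreSQL: a scanner that flags and redacts `ldapbindpasswd` values in server log text. It assumes the value shows up in the log as an `ldapbindpasswd=` option inside an echoed pg_hba.conf line; the sample log lines, host names and secrets are constructed.

```python
import re

# ldapbindpasswd as it would appear when a pg_hba.conf line is echoed into a
# log (assumed format): a bare token, or a double-quoted value with spaces.
PASSWD_OPT = re.compile(r'(ldapbindpasswd=)("[^"]*"|[^\s"]+)')


def redact(line):
    """Return the line with any ldapbindpasswd value replaced by a marker."""
    return PASSWD_OPT.sub(r'\1[REDACTED]', line)


def audit(lines):
    """Return (line_number, redacted_line) for every line that leaks a value."""
    hits = []
    for number, line in enumerate(lines, start=1):
        if PASSWD_OPT.search(line):
            hits.append((number, redact(line.rstrip("\n"))))
    return hits


# Constructed sample log, not taken from the bug report.
SAMPLE_LOG = [
    '2014-06-19 12:00:01 UTC LOG:  connection received: host=192.0.2.10 port=50412',
    '2014-06-19 12:00:01 UTC FATAL:  LDAP authentication failed for user "alice"',
    '2014-06-19 12:00:01 UTC DETAIL:  Connection matched pg_hba.conf line 92: '
    '"host all all 192.0.2.0/24 ldap ldapserver=ldap.example.net '
    'ldapbasedn="dc=example,dc=net" ldapbinddn="cn=pgbind,dc=example,dc=net" '
    'ldapbindpasswd=Constructed-Secret-1"',
    '2014-06-19 12:05:44 UTC DETAIL:  Connection matched pg_hba.conf line 93: '
    '"host all all 198.51.100.0/24 ldap ldapserver=ldap.example.net '
    'ldapbindpasswd="constructed secret 2" ldapbasedn="dc=example,dc=net""',
]

if __name__ == "__main__":
    # Print only redacted lines so the audit itself does not repeat the leak.
    for number, line in audit(SAMPLE_LOG):
        print(f"line {number}: {line}")
```

Any hit means the bind password should be rotated and the affected log files (including shipped or archived copies) scrubbed or access-restricted.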
