On Tue, Mar 22, 2011 at 3:45 PM, Dave Page <dpage@pgadmin.org> wrote:
>
>
> On Tue, Mar 22, 2011 at 5:10 AM, Craig Sacco <craig.sacco@gmail.com>wrote:
>
>>
>> The following bug has been logged online:
>>
>> Bug reference: 5938
>> Logged by: Craig Sacco
>> Email address: craig.sacco@gmail.com
>> PostgreSQL version: 9.0.3
>> Operating system: Microsoft Windows (all variants, 32 and 64 bit)
>> Description: PostgreSQL Installer outputs log file with superuser
>> password in clear text
>> Details:
>>
>> The PostgreSQL installer outputs a log file to the temporary directory
>> with
>> the superuser password in clear text. We are deploying PostgreSQL as part
>> of
>> a commercial product and would like to ensure that the password is not
>> available to ordinary users.
>>
>>
> This has been fixed for the next releases.
>
For the sake of the archives, it should also be noted that the file is in a
secure directory, much as a .pgpass file would be, so this is generally only
an issue for the situation described above, and not when a user installs a
copy himself.
--
Dave Page
Blog: http://pgsnake.blogspot.com
Twitter: @pgsnake
EnterpriseDB UK: http://www.enterprisedb.com
The Enterprise PostgreSQL Company