Re: BUG #10680: LDAP bind password leaks to log on failed authentication

* Magnus Hagander (magnus@hagander.net) wrote:
> On Thu, Jun 19, 2014 at 5:37 PM, Stephen Frost <sfrost@snowman.net> wrote:
> > I actually don't really see a huge problem with 1, but I need to go
> > review the thread in more detail...
>=20
> The reason the raw line was added in the first place was debugging cases
> where the running pg_hba.conf might not be the same as the one in the
> filesystem - either because of a reload not being done, or a reload of a
> broken file.

erm, not entirely convinced that's a great reason to log the whole line,
but..

> I think 3 is a good option of these, assuming we can do it in a reasonably
> good way.

I'd be fine with this approach.  I'd definitely like to see this
addressed in some manner because it's, clearly, not going to go away as
a request (I remember dealing with similar issues quite a few years ago
and all the arguments about how it "should" be ok to log passwords
didn't fly and we ended up having to address it also).

    Thanks,

        Stephen