Re: Insecurity of ODBC debug logging files

Am 05.10.2005 um 21:08 schrieb Dave Page:

>> But even then, a log file will frequently contain
>> sensitive data (eg, credit card numbers appearing in INSERT
>> statements).
>> Seems to me that there should also be some care taken to make the log
>> file not world-readable.
>
> I'll have a look at writing them with mode 600 on *nix. On Win9x and NT
> based systems with FAT partitions there's nothing we can do of course.
> I'd rather not make the filenames unpredicatable though as that'll make
> it difficult for us to tell users how to track down the right debug
> log.
>

Hi,

what about a special database type like sensitive or an encrypted
column type ?
If the ODBC driver comes across of such a column, it could be masked
out as well.

Regards, Lothar

> Regards, Dave.
>
> ---------------------------(end of
> broadcast)---------------------------
> TIP 1: if posting/reading through Usenet, please send an appropriate
>        subscribe-nomail command to majordomo@postgresql.org so that
> your
>        message can get through to the mailing list cleanly
>
>
--
Lothar Behrens    |    Rapid Prototyping ...
Rosmarinstr 3        |
40235 Düsseldorf      |    www.lollisoft.de