c2c-oerpscenario team mailing list archive

Thread
Date

[Bug 612956] Re: Readable password in logs

To: c2c-oerpscenario@xxxxxxxxxxxxxxxxxxx
From: "vra \(openerp\)" <612956@xxxxxxxxxxxxxxxxxx>
Date: Thu, 18 Nov 2010 09:08:10 -0000
Reply-to: Bug 612956 <612956@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

** Visibility changed to: Public

** This bug is no longer flagged as a security vulnerability

** Changed in: openobject-addons
     Assignee: gpa(Open ERP) (gpa-openerp) => (unassigned)

-- 
Readable password in logs
https://bugs.launchpad.net/bugs/612956
You received this bug notification because you are a member of C2C
OERPScenario, which is subscribed to the OpenERP Project Group.

Status in OpenObject Addons Modules: New

Bug description:
opener-server.log (5.12 and 6.0) the database password appears clearly in one line.

[2010-08-03 20:07:33,143] DEBUG:db.connection_pool:ConnectionPool(used=0/count=0/max=64) Borrow connection to 'user=openerp password=password dbname=template1'

Other lines are correct with a masked password:

[2010-08-03 20:07:33,146] DEBUG:db.connection_pool:ConnectionPool(used=1/count=1/max=64) Create new connection
[2010-08-03 20:07:33,234] DEBUG:db.connection_pool:ConnectionPool(used=1/count=1/max=64) Give back connection to 'user=openerp password=xxxxxxxxxx dbname=template1'
[2010-08-03 20:07:33,235] DEBUG:db.connection_pool:ConnectionPool(used=0/count=0/max=64) Forgot connection to 'user=openerp password=xxxxxxxxxx dbname=template1'

Follow ups

Re: [Bug 612956] Re: Readable password in logs
From: xrg, 2010-11-19