c2c-oerpscenario team mailing list archive

Thread
Date

Re: [Bug 729034] [NEW] Deletion DB leave clear password on server log

To: c2c-oerpscenario@xxxxxxxxxxxxxxxxxxx
From: xrg <xrg@xxxxxxxxx>
Date: Fri, 04 Mar 2011 13:11:30 -0000
Reply-to: Bug 729034 <729034@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

On Friday 04 March 2011, you wrote:
> Public bug reported:
> 
> I recently read a bug that where correct about clear password during
> creation, I see that in deletion there is the same problem (not a bug but
> a possibly privacy leak) Thanks


Let me repeat for a Nth time that setting a database password for postgres is 
a bad idea right from the start: the password, if set, will be accessible to 
the openerp-server, and, therefore any process that runs as that user. Why not 
use the "trust" or "ident" authentication instead (which relies, too, to the 
unix uid) ?

-- 
You received this bug notification because you are a member of C2C
OERPScenario, which is subscribed to the OpenERP Project Group.
https://bugs.launchpad.net/bugs/729034

Title:
  Deletion DB leave clear password on server log

Status in OpenERP Server:
  New

Bug description:
  I recently read a bug that where correct about clear password during creation, I see that in deletion there is the same problem (not a bug but a possibly privacy leak)
  Thanks

  [2011-03-04 13:17:02,207][?]
  INFO:db.connection_pool:ConnectionPool(used=0/count=3/max=64): Close
  all connections to 'user=openerp password=password1234 dbname=Demo'

Follow ups

Re: [Bug 729034] [NEW] Deletion DB leave clear password on server log
From: Raphaël Valyi - http : //www . akretion . com, 2011-03-04

References

[Bug 729034] [NEW] Deletion DB leave clear password on server log
From: Nicola Riolini - Micronaet, 2011-03-04