← Back to team overview

c2c-oerpscenario team mailing list archive

  1. c2c-oerpscenario team
  2. Mailing list archive
  3. Message #18422

Re: [Bug 729034] [NEW] Deletion DB leave clear password on server log

  Thread PreviousDate PreviousThread Next 
On Fri, Mar 4, 2011 at 10:11 AM, xrg <xrg@xxxxxxxxx> wrote:

> On Friday 04 March 2011, you wrote:
> > Public bug reported:
> >
> > I recently read a bug that where correct about clear password during
> > creation, I see that in deletion there is the same problem (not a bug but
> > a possibly privacy leak) Thanks
>
>
> Let me repeat for a Nth time that setting a database password for postgres
> is
> a bad idea right from the start: the password, if set, will be accessible
> to
> the openerp-server, and, therefore any process that runs as that user. Why
> not
> use the "trust" or "ident" authentication instead (which relies, too, to
> the
> unix uid) ?
>

Then may be that would be worth an official advice from OpenERP SA here:
http://doc.openerp.com/v6.0/install/linux/postgres/index.html#setup-a-postgresql-user-for-openerp
Because you say that while OpenERP SA says the opposite, making it a bit
hard for new folks to get started...


>
> --
> You received this bug notification because you are subscribed to OpenERP
> Server.
> https://bugs.launchpad.net/bugs/729034
>
> Title:
>  Deletion DB leave clear password on server log
>
> Status in OpenERP Server:
>  New
>
> Bug description:
>  I recently read a bug that where correct about clear password during
> creation, I see that in deletion there is the same problem (not a bug but a
> possibly privacy leak)
>  Thanks
>
>  [2011-03-04 13:17:02,207][?]
>  INFO:db.connection_pool:ConnectionPool(used=0/count=3/max=64): Close
>  all connections to 'user=openerp password=password1234 dbname=Demo'
>

-- 
You received this bug notification because you are a member of C2C
OERPScenario, which is subscribed to the OpenERP Project Group.
https://bugs.launchpad.net/bugs/729034

Title:
  Deletion DB leave clear password on server log

Status in OpenERP Server:
  New

Bug description:
  I recently read a bug that where correct about clear password during creation, I see that in deletion there is the same problem (not a bug but a possibly privacy leak)
  Thanks

  [2011-03-04 13:17:02,207][?]
  INFO:db.connection_pool:ConnectionPool(used=0/count=3/max=64): Close
  all connections to 'user=openerp password=password1234 dbname=Demo'

References

  Thread PreviousDate PreviousThread Next