View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0002953 | SOGo | Backend General | public | 2014-10-14 15:46 | 2014-11-21 20:35 |
Reporter | franta | Assigned To | francis | ||
Priority | normal | Severity | major | Reproducibility | always |
Status | resolved | Resolution | fixed | ||
Product Version | 2.2.9a | ||||
Fixed in Version | 2.2.10 | ||||
Summary | 0002953: Database password should not leak in logs | ||||
Description | When there is a problem connecting to the DB, the error is logged. The bad thing is that it logs the whole DB URL, including the database password. `Oct 14 12:01:21 sogod [1817]: [ERROR] <0x0x7fb37c0fb7e0[GCSChannelManager]> could not open channel <0x0x7fb37bf481d0[PostgreSQL72Channel]: not-connected> for URL: postgresql://sogo:XXX_THERE_IS_PASSWORD_XXX@localhost:5432/postgres/sogo_user_profile` `Oct 14 12:04:07 sogod [1818]: <0x0x7fb37c0fb7e0[GCSChannelManager]> db for postgresql://sogo:XXX_THERE_IS_PASSWORD_XXX@localhost:5432/postgres/sogo_sessions_folder is now back up` | ||||
Steps To Reproduce | Shut down the SQL server, try to use SOGo and look up your DB URL in the log file. | ||||
Additional Information | Only members of the adm group have permission to the /var/log/sogo/ directory - but despite this fact, the password should not leak in log files. Hostname+username+dbname is enough for debugging purposes. | ||||
Tags | No tags attached. | ||||
Date Modified | Username | Field | Change |
---|---|---|---|
2014-10-14 15:46 | franta | New Issue | |
2014-10-14 16:55 | francis | Note Added: 0007609 | |
2014-10-14 16:55 | francis | Status | new => resolved |
2014-10-14 16:55 | francis | Fixed in Version | => 2.2.10 |
2014-10-14 16:55 | francis | Resolution | open => fixed |
2014-10-14 16:55 | francis | Assigned To | => francis |
2014-11-21 20:35 | ludovic | View Status | private => public |
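
The behaviour the report asks for (keep scheme, user, host and database name in the log, drop the password) can be sketched as below, together with a check for log files that already contain such URLs. This is an added example in Python, not SOGo's code and not the 2.2.10 fix; `redact_url_passwords`, `lines_with_url_passwords` and `RedactingFilter` are hypothetical names, and it assumes `/`, `?` and `#` inside a password are percent-encoded as URL syntax requires.

```python
import logging
import re

# scheme://user:password@host (RFC 3986 userinfo). Assumption: '/', '?' and '#'
# inside the password are percent-encoded; an unencoded one would not match.
_URL_CRED = re.compile(
    r"(?P<scheme>[A-Za-z][A-Za-z0-9+.\-]*://)"
    r"(?P<user>[^\s:/@?#]*):"
    r"(?P<password>[^\s/?#]*)"  # greedy, so a raw '@' in the password is covered
    r"@(?=[^\s/@])"
)

def redact_url_passwords(text: str, mask: str = "***") -> str:
    """Mask the password of every URL in text; scheme, user, host, db stay."""
    return _URL_CRED.sub(lambda m: f"{m['scheme']}{m['user']}:{mask}@", text)

def lines_with_url_passwords(lines):
    """Return 1-based numbers of lines that carry a URL password (log audit)."""
    return [n for n, line in enumerate(lines, 1) if _URL_CRED.search(line)]

class RedactingFilter(logging.Filter):
    """Scrub the fully formatted message before any handler writes it."""
    def filter(self, record: logging.LogRecord) -> bool:
        record.msg = redact_url_passwords(record.getMessage())
        record.args = None  # message is already formatted
        return True

# The two log lines quoted in the report (password is the reporter's
# placeholder), plus one constructed line whose URL has no password.
SAMPLE_LOG = [
    "Oct 14 12:01:21 sogod [1817]: [ERROR] could not open channel for URL: "
    "postgresql://sogo:XXX_THERE_IS_PASSWORD_XXX@localhost:5432/postgres/sogo_user_profile",
    "Oct 14 12:04:07 sogod [1818]: db for "
    "postgresql://sogo:XXX_THERE_IS_PASSWORD_XXX@localhost:5432/postgres/sogo_sessions_folder is now back up",
    "Oct 14 12:05:00 sogod [1818]: connected to "
    "postgresql://sogo@localhost:5432/postgres/sogo_folder_info",
]

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        print(redact_url_passwords(line))
    print("lines needing cleanup:", lines_with_url_passwords(SAMPLE_LOG))
```

Passwords found by the audit function in existing logs should be treated as exposed and rotated, since redaction only affects lines written afterwards.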