Opened 16 years ago

Closed 16 years ago

#2397 closed enhancement (invalid)

PostGIS connection string contains password in error reports

Reported by: dougrenwick
Owned by: sdlime
Priority: normal
Milestone: 5.0.1 release
Component: PostGIS Interface
Version: unspecified
Severity: major
Keywords: security, password, postgis
Cc:

Description

When accessing a Mapserver app and an error occurs, an error message is printed. If the layer reads from a PostGIS data source, then part of the output is the connection string and the exact error message generated by the remote PostgreSQL server.

This is very handy, except that the connection string often contains the password in unscrambled form. As such, when the database issue is resolved, the database could potentially be compromised by anybody who noted the connection params during the downtime.

I propose that the connection string, when it is displayed in an error message, be modified to have the password portion replaced with something "more secure" such as password=XXXXXXXX
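The masking the reporter proposes, written out as a small C helper (an added example, not MapServer's or the ticket's own code): the function name `redact_conninfo`, the `MASK` constant and the `EMIT` macro are assumptions, and the connection string in `main` is a constructed sample. It walks a libpq-style `key=value` string, keeps every field verbatim except the value of a `password` key (case-insensitive, bare or single-quoted with backslash escapes, spaces around `=` allowed), which it replaces with a fixed-width mask so the output neither shows the password nor reveals its length.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>

#define MASK "********"   /* fixed width: does not leak the password length */
/* Hypothetical helper, not MapServer's own code: copy a libpq-style
 * "host=... user=... password=..." connection string into out, replacing
 * the value of every "password" key with MASK before it is logged or shown.
 * Returns out, or NULL if out (outlen bytes) cannot hold the result. */
char *redact_conninfo(const char *in, char *out, size_t outlen)
{
    size_t o = 0; const char *p = in;
    if (outlen == 0) return NULL;
#define EMIT(src, n) do { if (o + (n) >= outlen) return NULL; /* keep room for NUL */ \
                          memcpy(out + o, (src), (n)); o += (n); } while (0)
    while (*p) {
        if (isspace((unsigned char)*p)) { EMIT(p, 1); p++; continue; }
        const char *key = p;                 /* key runs to '=' or whitespace */
        while (*p && *p != '=' && !isspace((unsigned char)*p)) p++;
        size_t klen = (size_t)(p - key);
        EMIT(key, klen);
        while (isspace((unsigned char)*p)) { EMIT(p, 1); p++; }
        if (*p != '=') continue;             /* bare token: copied as-is */
        EMIT("=", 1); p++;
        while (isspace((unsigned char)*p)) { EMIT(p, 1); p++; }
        const char *val = p;                 /* value: 'quoted' or bare */
        if (*p == '\'') {
            p++;                             /* skip to the closing quote, honouring \' */
            while (*p && *p != '\'') { if (*p == '\\' && p[1]) p++; p++; }
            if (*p == '\'') p++;
        } else {
            while (*p && !isspace((unsigned char)*p)) p++;
        }
        if (klen == 8 && strncasecmp(key, "password", 8) == 0)
            EMIT(MASK, strlen(MASK));        /* secret: never copy the value */
        else
            EMIT(val, (size_t)(p - val));    /* anything else is copied verbatim */
    }
#undef EMIT
    out[o] = '\0';
    return out;
}

int main(void)
{
    char buf[256];   /* constructed sample, not a real connection string */
    const char *conn = "host=db.example.internal user=mapserver password='s3cr\\'et' dbname=gis";
    puts(redact_conninfo(conn, buf, sizeof buf) ? buf : "output buffer too small");
}
```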

Change History (4)

comment:1 by sdlime, 16 years ago

Cc: sdlime added
Component: changed from MapServer CGI to PostGIS Interface
Owner: changed from sdlime to mapserver-bugs@…

It's not just a CGI issue since you could see this if any error logging is turned on. Re-assigning to PostGIS component since that's the source of the error message. Those guys may have a better idea on how to suppress the password.

Steve

comment:2 by sdlime, 16 years ago

Cc: sdlime removed
Owner: changed from mapserver-bugs@… to sdlime

Doug: Can you post an actual error? I don't have PostGIS running at home. The code in 5.0+ (I didn't look at 4.x) looks to replace the password with *'s already if there is a connection error and I don't see other places where the password is output.

Steve

BTW Doesn't look like Refractions is going to touch this so I'll take it back.

comment:3 by sdlime, 16 years ago

Status: changed from new to assigned

comment:4 by sdlime, 16 years ago

Resolution: invalid
Status: changed from assigned to closed

A bit of research tells me Refractions fixed this problem back in 2005 (see bug #703). Marking as invalid...

Steve
