id,summary,reporter,owner,description,type,status,priority,milestone,component,version,severity,resolution,keywords,cc
2397,PostGIS connection string contains password in error reports,dougrenwick,sdlime,"When accessing a Mapserver app and an error occurs, an error message is printed. If the layer reads from a PostGIS data source, then part of the output is the connection string and the exact error message generated by the remote PostgreSQL server.

This is very handy, except that the connection string often contains the password in unscrambled form. As such, when the database issue is resolved, the database could potentially be compromised by anybody who noted the connection params during the downtime.

I propose that the connection string, when it is displayed in an error message, be modified so have the password portion replaced with something ""more secure"" such as password=XXXXXXXX
",enhancement,closed,normal,5.0.1 release,PostGIS Interface,unspecified,major,invalid,"security,password,postgis",