On Thursday 18 November 2010, you wrote:
> ** Visibility changed to: Public
> 
> ** This bug is no longer flagged as a security vulnerability
> 

Well, in order to have the passwords stored in logs, you would have to lower 
the debugging level to debug_rpc or so. In that mode, you are no longer at a 
"production" setup, so we can tolerate the fact that the password gets in the 
logs.
I wouldn't call it a 100% (-of the time) vulnerability.

-- 
Readable password in logs
https://bugs.launchpad.net/bugs/612956
You received this bug notification because you are a member of C2C
OERPScenario, which is subscribed to the OpenERP Project Group.

Status in OpenObject Addons Modules: Invalid

Bug description:
In openerp-server.log (5.12 and 6.0) the database password appears clearly in one line.

[2010-08-03 20:07:33,143] DEBUG:db.connection_pool:ConnectionPool(used=0/count=0/max=64) Borrow connection to 'user=openerp password=password dbname=template1'

Other lines are correct with a masked password:

[2010-08-03 20:07:33,146] DEBUG:db.connection_pool:ConnectionPool(used=1/count=1/max=64) Create new connection
[2010-08-03 20:07:33,234] DEBUG:db.connection_pool:ConnectionPool(used=1/count=1/max=64) Give back connection to 'user=openerp password=xxxxxxxxxx dbname=template1'
[2010-08-03 20:07:33,235] DEBUG:db.connection_pool:ConnectionPool(used=0/count=0/max=64) Forgot connection to 'user=openerp password=xxxxxxxxxx dbname=template1'
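
One way to keep a DSN password out of the log at every level, debug included, is to mask it in a logging filter attached to the handler, so a call site that forgets to mask (like the "Borrow connection" line above) is still covered. This is an added example, not OpenERP's code and not part of the original messages; `mask_dsn`, `DsnPasswordFilter` and the logger name are hypothetical, and the sample DSN is constructed from the log line in the bug description.

```python
import logging
import re

# libpq keyword/value DSN: a value is either bare (no whitespace) or
# single-quoted with backslash escapes, e.g. password='it\'s secret'.
_DSN_PASSWORD = re.compile(
    r"""(\bpassword\s*=\s*)(?:'(?:\\.|[^'\\])*'|[^\s']+)""",
    re.IGNORECASE,
)


def mask_dsn(text):
    """Return text with every DSN password value replaced by a fixed mask."""
    return _DSN_PASSWORD.sub(r"\g<1>xxxxxxxxxx", text)


class DsnPasswordFilter(logging.Filter):
    """Mask DSN passwords in every record, whatever its level."""

    def filter(self, record):
        # Render msg % args first so a DSN passed as an argument is covered.
        record.msg = mask_dsn(record.getMessage())
        record.args = None
        return True


def demo():
    """Log a constructed 'Borrow' line at DEBUG; return what the handler wrote."""
    captured = []

    class ListHandler(logging.Handler):
        def emit(self, record):
            captured.append(self.format(record))

    handler = ListHandler()
    handler.addFilter(DsnPasswordFilter())  # on the handler: applies to all loggers
    log = logging.getLogger("db.connection_pool.example")  # hypothetical name
    log.setLevel(logging.DEBUG)
    log.propagate = False
    log.addHandler(handler)
    dsn = "user=openerp password=password dbname=template1"  # constructed sample
    log.debug("Borrow connection to %r", dsn)
    log.removeHandler(handler)
    return captured


if __name__ == "__main__":
    print("\n".join(demo()))
```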
