rlm_sql_postgresql: db password appears in plaintext in logs
L. Rose
lists at lrose.de
Tue Jan 7 16:31:59 CET 2020
Hello everyone,
I'm not sure if this is a bug or a misconfiguration on our site. When
running freeradius -X, the database password of our postgresql database
appears in plaintext on the console:
rlm_sql_postgresql: Connecting using parameters: dbname='radiusdb'
host='127.0.0.1' port=1337 user='radiususer' password='example'
Of course, the values for dbname, host, port, user and password are not
the real values, but the real values appear in the debug output. I
thought that freeradius -X should not print any confidential
information? Or is this a feature?
Thanks in advance,
L. Rose
More information about the Freeradius-Users
mailing list