rlm_sql_postgresql: db password appears in plaintext in logs

Coy Hile coy.hile at coyhile.com
Tue Jan 7 17:10:04 CET 2020

On 2020-01-07 10:31, L. Rose wrote:
> Hello everyone,
> I'm not sure if this is a bug or a misconfiguration on our site. When
> running freeradius -X, the database password of our postgresql
> database appears in plaintext on the console:
> rlm_sql_postgresql: Connecting using parameters: dbname='radiusdb'
> host='' port=1337 user='radiususer' password='example'
> Of course, the values for dbname, host, port, user and password are
> not the real values, but the real values appear in the debug output. I
> thought that freeradius -X should not print any confidential
> information? Or is this a feature?

As a user, I'd argue that's a feature, as the first thing one would 
debug is that the SQL connection is, in fact, connecting to the expected 
database, using the expected credentials.

Coy Hile
coy.hile at coyhile.com

More information about the Freeradius-Users mailing list