rlm_sql_postgresql: db password appears in plaintext in logs

Alan Buxey alan.buxey at gmail.com
Tue Jan 7 17:23:23 CET 2020


hi,

in full debug mode, everything gets printed - to ensure that reality
and configuration match - i.e. if the DB doesn't connect then maybe some
of the connection parameters are wrong.

in later versions there's a 'minor debug' mode where some passwords are
obfuscated. use that locally if you need to (surely whoever is running
the server in debug can read the config files anyway?) but use the
proper -X when sending debug stuff to the mailing list

alan

On Tue, 7 Jan 2020 at 15:34, L. Rose <lists at lrose.de> wrote:
>
> Hello everyone,
>
> I'm not sure if this is a bug or a misconfiguration on our site. When
> running freeradius -X, the database password of our postgresql database
> appears in plaintext on the console:
>
> rlm_sql_postgresql: Connecting using parameters: dbname='radiusdb'
> host='127.0.0.1' port=1337 user='radiususer' password='example'
>
> Of course, the values for dbname, host, port, user and password are not
> the real values, but the real values appear in the debug output. I
> thought that freeradius -X should not print any confidential
> information? Or is this a feature?
>
> Thanks in advance,
> L. Rose
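
A filter that masks the password in the connection-parameter line quoted above, for debug output that is copied off the host, as an added example that is not part of the thread or of FreeRADIUS. It assumes the server prints the parameters on a single line in libpq keyword/value form; `SECRET_KEYS`, `redact_line` and `redact_stream` are names chosen here.

```python
import re
import sys

# Keywords whose values are masked. "password" is the one shown in the post;
# "sslpassword" is another libpq keyword that carries a secret.
SECRET_KEYS = {"password", "sslpassword"}

# Prefix of the debug line quoted in the post.
MARKER = "Connecting using parameters:"

# One libpq keyword/value pair. A quoted value may contain \' and \\ escapes,
# so a naive password='[^']*' pattern would leak the tail of such a password.
PAIR = re.compile(r"""
    (?P<key>[A-Za-z_][A-Za-z0-9_]*)
    (?P<eq>\s*=\s*)
    (?P<val>'(?:[^'\\]|\\.)*' | [^\s']+)
""", re.VERBOSE)

# The line from the post (its values are already placeholders).
SAMPLE = ("rlm_sql_postgresql: Connecting using parameters: dbname='radiusdb' "
          "host='127.0.0.1' port=1337 user='radiususer' password='example'\n")


def redact_line(line):
    """Mask secret values in a connection-parameter debug line."""
    head, sep, params = line.partition(MARKER)
    if not sep:
        return line  # some other debug line: pass through unchanged

    def mask(match):
        if match.group("key").lower() in SECRET_KEYS:
            return f"{match.group('key')}{match.group('eq')}'<redacted>'"
        return match.group(0)  # non-secret pair: keep exactly as printed

    # Pairs are consumed left to right, so "password=" appearing inside
    # another keyword's quoted value is not mistaken for a keyword.
    return head + sep + PAIR.sub(mask, params)


def redact_stream(lines):
    """Apply redact_line to every line of an iterable (e.g. sys.stdin)."""
    for line in lines:
        yield redact_line(line)


if __name__ == "__main__":
    # Reads debug output on stdin, writes the masked copy to stdout.
    sys.stdout.writelines(redact_stream(sys.stdin))
```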

