Prevent failed passwords from being echoed to server logs, for security.

author Bruce Momjian <bruce@momjian.us>

Tue, 5 Mar 2002 06:52:05 +0000 (06:52 +0000)

committer Bruce Momjian <bruce@momjian.us>

Tue, 5 Mar 2002 06:52:05 +0000 (06:52 +0000)
author Bruce Momjian <bruce@momjian.us>
Tue, 5 Mar 2002 06:52:05 +0000 (06:52 +0000)
committer Bruce Momjian <bruce@momjian.us>
Tue, 5 Mar 2002 06:52:05 +0000 (06:52 +0000)
diff --git a/src/backend/libpq/auth.c b/src/backend/libpq/auth.c

index f20a02788e4a61c16b57d9005acfca13522e9934..7c090b933297cad5daeb48a358da11bb9a462b6f 100644 (file)
--- a/src/backend/libpq/auth.c
+++ b/src/backend/libpq/auth.c
@@ -8,7 +8,7 @@
   *
   *
   * IDENTIFICATION
- *       $Header: /cvsroot/pgsql/src/backend/libpq/auth.c,v 1.77 2002/03/04 01:46:02 tgl Exp $
+ *       $Header: /cvsroot/pgsql/src/backend/libpq/auth.c,v 1.78 2002/03/05 06:52:05 momjian Exp $
   *
   *-------------------------------------------------------------------------
   */
@@ -805,8 +805,8 @@ recv_and_check_password_packet(Port *port)
                 return STATUS_EOF;
         }
  
-       elog(DEBUG5, "received password packet with len=%d, pw=%s",
-                len, buf.data);
+       /* Do not echo failed password to logs, for security. */
+       elog(DEBUG5, "received password packet");
  
         result = checkPassword(port, port->user, buf.data);
         pfree(buf.data);
author	Bruce Momjian <bruce@momjian.us>
	Tue, 5 Mar 2002 06:52:05 +0000 (06:52 +0000)
committer	Bruce Momjian <bruce@momjian.us>
	Tue, 5 Mar 2002 06:52:05 +0000 (06:52 +0000)