NotificationsYou must be signed in to change notification settings
Fork6
Star31

Commit50e088d

committed

doc: warn about security issues around log files

Reported-by: Simon RiggsDiscussion:https://postgr.es/m/CANP8+jJESuuXYq9Djvf-+tx2vY2OFLmfEuu+UvwHNJ1RT7iJCQ@mail.gmail.comAuthor: Simon RiggsBackpatch-through: 10

1 parent1886060 commit50e088dCopy full SHA for 50e088d

File tree

2 files changed

+30

-1

lines changed

doc/src/sgml
- config.sgml
- maintenance.sgml

2 files changed

+30

-1

lines changed

`‎doc/src/sgml/config.sgml`

Lines changed: 11 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -6860,6 +6860,13 @@ local0.* /var/log/postgresql`
`6860`	`6860`	`<sect2 id="runtime-config-logging-what">`
`6861`	`6861`	`<title>What to Log</title>`
`6862`	`6862`
	`6863`	`+ <note>`
	`6864`	`+ <para>`
	`6865`	`+ What you choose to log can have security implications; see`
	`6866`	`+ <xref linkend="logfile-maintenance"/>.`
	`6867`	`+ </para>`
	`6868`	`+ </note>`
	`6869`	`+`
`6863`	`6870`	`<variablelist>`
`6864`	`6871`
`6865`	`6872`	`<varlistentry id="guc-application-name" xreflabel="application_name">`
`@@ -7458,6 +7465,10 @@ log_line_prefix = '%m [%p] %q%u@%d/%a '`
`7458`	`7465`	`planning). Set <varname>log_min_error_statement</varname> to`
`7459`	`7466`	`<literal>ERROR</literal> (or lower) to log such statements.`
`7460`	`7467`	`</para>`
	`7468`	`+ <para>`
	`7469`	`+ Logged statements might reveal sensitive data and even contain`
	`7470`	`+ plaintext passwords.`
	`7471`	`+ </para>`
`7461`	`7472`	`</note>`
`7462`	`7473`	`</listitem>`
`7463`	`7474`	`</varlistentry>`

`‎doc/src/sgml/maintenance.sgml`

Lines changed: 19 additions & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -977,7 +977,25 @@ analyze threshold = analyze base threshold + analyze scale factor * number of tu`
`977`	`977`	`It is a good idea to save the database server's log output`
`978`	`978`	`somewhere, rather than just discarding it via <filename>/dev/null</filename>.`
`979`	`979`	`The log output is invaluable when diagnosing`
`980`		`- problems. However, the log output tends to be voluminous`
	`980`	`+ problems.`
	`981`	`+ </para>`
	`982`	`+`
	`983`	`+ <note>`
	`984`	`+ <para>`
	`985`	`+ The server log can contain sensitive information and needs to be protected,`
	`986`	`+ no matter how or where it is stored, or the destination to which it is routed.`
	`987`	`+ For example, some DDL statements might contain plaintext passwords or other`
	`988`	`+ authentication details. Logged statements at the <literal>ERROR</literal>`
	`989`	`+ level might show the SQL source code for applications`
	`990`	`+ and might also contain some parts of data rows. Recording data, events and`
	`991`	`+ related information is the intended function of this facility, so this is`
	`992`	`+ not a leakage or a bug. Please ensure the server logs are visible only to`
	`993`	`+ appropriately authorized people.`
	`994`	`+ </para>`
	`995`	`+ </note>`
	`996`	`+`
	`997`	`+ <para>`
	`998`	`+ Log output tends to be voluminous`
`981`	`999`	`(especially at higher debug levels) so you won't want to save it`
`982`	`1000`	`indefinitely. You need to <emphasis>rotate</emphasis> the log files so that`
`983`	`1001`	`new log files are started and old ones removed after a reasonable`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit50e088d

File tree

2 files changed

2 files changed

`‎doc/src/sgml/config.sgml`

`‎doc/src/sgml/maintenance.sgml`

0 commit comments