[rt-users] Logging DB password in http-error.log
Jens Andersson
jens.andersson at teleservice.net
Thu Mar 9 06:59:07 EST 2006
> > We get this message in our apache http-error.log all the time.
> >
> > 49694 Apache::DBI need ping: 49694 Apache::DBI
> > new connect to
> > 'dbname=rt3;host=localhost^\rt_user^\password^\AutoCommit=1^
> > \PrintError=
> > 1^\Username=rt_user'
> >
> > Why is the password logged in plain text?
>
> Did you set LogLevel to 'debug' somewhere? And why do
> untrustworthy people have access to your log files?
No, no debug loglevel.
And of course no, there are no untrustworthy people that have access to
our log files, but passwords shouldn't be stored in our log files.
// Jens
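
A log check for the line format quoted in this message, added here as an example; it is not part of the original post and is not RT or Apache::DBI code. It finds "new connect to" lines and masks the third field. It assumes the fields are joined by the ASCII FS byte (0x1C), which shows up as `^\` in the quoted log; the function names and sample lines are constructed for illustration.

```python
import re

# Assumption: the DSN, user, password and attributes are joined with the
# ASCII FS byte (0x1C), which a terminal or mail client shows as "^\".
SEP = r"(?:\x1c|\^\\)"

CONNECT_RE = re.compile(
    r"(?P<head>new connect to\s+'"      # marker text from the log line
    r".*?" + SEP +                       # first field: DSN
    r".*?" + SEP + r")"                  # second field: user name
    r"(?P<password>.*?)"                 # third field: the password
    r"(?=" + SEP + r"\w+=|'\s*$)"        # stop at first attribute or closing quote
)

MASK = "[REDACTED]"

def redact_line(line):
    """Return (line with the password field masked, True if one was found)."""
    new, n = CONNECT_RE.subn(lambda m: m.group("head") + MASK, line)
    return new, n > 0

def scan(lines):
    """Return (1-based numbers of lines that exposed a password, redacted lines)."""
    hits, out = [], []
    for no, line in enumerate(lines, 1):
        red, found = redact_line(line.rstrip("\n"))
        out.append(red)
        if found:
            hits.append(no)
    return hits, out

# Constructed sample input; the password values are placeholders.
SAMPLE = [
    "49694 Apache::DBI need ping: 49694 Apache::DBI",
    # Caret notation, password containing a quote character.
    "49694 Apache::DBI new connect to 'dbname=rt3;host=localhost^\\rt_user^\\"
    "EXAMPLE'PASSWORD^\\AutoCommit=1^\\PrintError=1^\\Username=rt_user'",
    # Raw 0x1C separators, no attribute fields after the password.
    "49695 Apache::DBI new connect to 'dbname=rt3;host=localhost\x1crt_user\x1cEXAMPLE'",
]

if __name__ == "__main__":
    hits, redacted = scan(SAMPLE)
    print("lines exposing a password:", hits)
    print("\n".join(redacted))
```

Masking a log after the fact does not undo the exposure: a password that has already been written to a log should be rotated.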