Database password is printed in logfile when DEBUG logging is enabled

On Tuesday 20 September 2011, you wrote:
> *** This bug is a security vulnerability ***
>
> Private security bug reported:
>
> This is a real big security issue, this information NEVER should go to
> log.
>
> The server is printing:
> db.connection_pool:ConnectionPool(used=0/count=0/max=64): Close all
> connections to 'port=5434 user=DBUSER password=PASSWORD dbname=tr3'
>

Well, it is not critical IMHO..

In terms of security, you shouldn't have used a password (alone) as means of
authenticating to the postgres database.

The reason is, that this password is unconditionally accessible by the user
running the openerp server. That is, any module, any python eval()'ed snippet
could read this password and send it out. The fact that one log file, also
belonging to the same user, contains that password, is no less secure than
"openerp-server.conf" itself.

Moreover, this information is only logged when pooler is at 'debug' log-level.
This means that the admin of the system wishes to log too much information,
which shouldn't happen in a production machine anyway.

Therefore, I'd like to reduce the severity of this bug.
Yes, I agree that no password should be logged in plaintext, but this one is
not our weak point.

I agree with xrg, this is definitely not a critical issue if you think about it for a minute. And by the way, the database password is not likely to be a kind of personal gmail/facebook password.

I can see this as a wishlist, but not more than that. If you really want to avoid leaking the database password in all circumstances, you should setup the postgres connection without any password, for example using UNIX sockets and ident authentication.