Prevent failed passwords from being echoed to server logs, for security.

author Bruce Momjian

Tue, 5 Mar 2002 07:57:45 +0000 (07:57 +0000)

committer Bruce Momjian

Tue, 5 Mar 2002 07:57:45 +0000 (07:57 +0000)
author Bruce Momjian
Tue, 5 Mar 2002 07:57:45 +0000 (07:57 +0000)
committer Bruce Momjian
Tue, 5 Mar 2002 07:57:45 +0000 (07:57 +0000)
diff --git a/src/backend/libpq/auth.c b/src/backend/libpq/auth.c

index 7c090b933297cad5daeb48a358da11bb9a462b6f..637e2a623ebe0d0c694ad10a72e04c7054c82ab0 100644 (file)
--- a/src/backend/libpq/auth.c
+++ b/src/backend/libpq/auth.c
@@ -8,7 +8,7 @@
   *
   *
   * IDENTIFICATION
- *   $Header: /cvsroot/pgsql/src/backend/libpq/auth.c,v 1.78 2002/03/05 06:52:05 momjian Exp $
+ *   $Header: /cvsroot/pgsql/src/backend/libpq/auth.c,v 1.79 2002/03/05 07:57:45 momjian Exp $
   *
   *-------------------------------------------------------------------------
   */
@@ -663,7 +663,9 @@ pam_passwd_conv_proc(int num_msg, const struct pam_message ** msg, struct pam_re
  
         initStringInfo(&buf);
         pq_getstr(&buf);
-       elog(DEBUG5, "received PAM packet with len=%d, pw=%s", len, buf.data);
+       
+       /* Do not echo failed password to logs, for security. */
+       elog(DEBUG5, "received PAM packet");
  
         if (strlen(buf.data) == 0)
         {