Prevent failed passwords from being echoed to server logs, for security.

2024-12-27 08:39:28 +08:00 · 2002-03-05 06:52:05 +00:00 · 2002-03-05 06:52:05 +00:00 · 16d6615b41
commit 16d6615b41
parent afc732e610
1 changed files with 3 additions and 3 deletions
--- a/src/backend/libpq/auth.c
+++ b/src/backend/libpq/auth.c
@ -8,7 +8,7 @@
 *
 *
 * IDENTIFICATION
- *	  $Header: /cvsroot/pgsql/src/backend/libpq/auth.c,v 1.77 2002/03/04 01:46:02 tgl Exp $
+ *	  $Header: /cvsroot/pgsql/src/backend/libpq/auth.c,v 1.78 2002/03/05 06:52:05 momjian Exp $
 *
 *-------------------------------------------------------------------------
 */
@ -805,8 +805,8 @@ recv_and_check_password_packet(Port *port)
 		return STATUS_EOF;
 	}

-	elog(DEBUG5, "received password packet with len=%d, pw=%s",
-		 len, buf.data);
+	/* Do not echo failed password to logs, for security. */
+	elog(DEBUG5, "received password packet");

 	result = checkPassword(port, port->user, buf.data);
 	pfree(buf.data);