Posgresql user password appears in clear in capistrano.log #55
Assignees
Labels
Comments
|
Yep, I agree. It's a consequence of using the new execute instead of the test command. Curious what others think about this too. |
|
Feature request to wrap a section of execute's arguments to hide them in the STDOUT and logs: capistrano/sshkit#429 |
|
Submitted capistrano/sshkit#430 for review of the feature |
|
So close to getting this feature into sshkit. Once it's in, I'll release 5.1.0 with the feature. |
|
capistrano/sshkit#430 merged into master. Waiting on next release sometime next week. |
|
Part of 6.0.0. Please let me know if you see any bugs! |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
When a new user is created in the postgresql database, the password appears in clear in the log file and at the screen during deployment. It would be better to hide it as it could be considered a security breach if someone get access to the log file or looking at the screen over the shoulder.
It think this is a feature to be added in the future. Or a new parameter that can request hiding the create user command from the log. A warning in the readme file would also be appropriate. My 2 cents...
Guy
The text was updated successfully, but these errors were encountered: