Logging DB password in http-error.log

We get this message in our apache http-error.log all the time.

49694 Apache::DBI need ping: 49694 Apache::DBI
new connect to 'dbname=rt3;host=localhost^\rt_user^\password^\AutoCommit=1^\PrintError=1^\Username=rt_user'

Why is the password logged in plain text?

// Jens

Did you set LogLevel to ‘debug’ somewhere? And why do
untrustworthy people have access to your log files?

No, no debug loglevel.

And of course no, there are no untrustworthy people that have access to
our log files but passwords shouldn’t be stored in our log files.

// Jens

You can see this only when the Apache::DBI::DEBUG variable is set to 1 or
greater; by default it’s 0 and RT doesn’t change it. Grep for this var
in your code or in httpd confs.

On 3/9/06, Jens Andersson jens.andersson@teleservice.net wrote:

Did you set LogLevel to ‘debug’ somewhere? And why do
untrustworthy people have access to your log files?

No, no debug loglevel.

And of course no, there are no untrustworthy people that have access to
our log files but passwords shouldn’t be stored in our log files.

// Jens


Best regards, Ruslan.
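
The search suggested in the reply above, as an added example that is not part of the original thread: it greps a config tree for non-comment lines that set Apache::DBI::DEBUG to a non-zero value and lists the logs that already contain connect strings. The directory layout, file names, file contents and log lines are constructed samples.

```shell
#!/bin/sh
# Added example, not from the thread. Paths and file contents are constructed.

# Print file:line:text for each non-comment line under the given paths that
# sets Apache::DBI::DEBUG to a non-zero value.
find_dbi_debug() {
    grep -rnHE 'Apache::DBI::DEBUG[[:space:]]*=[[:space:]]*[1-9]' "$@" 2>/dev/null |
        grep -vE '^[^:]+:[0-9]+:[[:space:]]*#'
}

# List log files under a directory that already contain a connect string.
logs_with_connects() {
    grep -rlE 'Apache::DBI[[:space:]]+new connect to' "$1" 2>/dev/null
}

# Count the connect-string lines in one log file.
count_connect_lines() {
    grep -cE 'Apache::DBI[[:space:]]+new connect to' "$1"
}

# Build a constructed sample tree (config + logs) and print its path.
make_demo() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/conf" "$d/logs"
    cat > "$d/conf/startup.pl" <<'EOF'
use Apache::DBI;
$Apache::DBI::DEBUG = 2;
EOF
    cat > "$d/conf/httpd.conf" <<'EOF'
# $Apache::DBI::DEBUG = 1;
PerlRequire conf/startup.pl
EOF
    cat > "$d/logs/http-error.log" <<'EOF'
49694 Apache::DBI new connect to 'dbname=rt3;host=localhost^\rt_user^\EXAMPLE-PW^\AutoCommit=1^\PrintError=1^\Username=rt_user'
[notice] constructed unrelated line
49701 Apache::DBI new connect to 'dbname=rt3;host=localhost^\rt_user^\EXAMPLE-PW^\AutoCommit=1^\PrintError=1^\Username=rt_user'
EOF
    cat > "$d/logs/access.log" <<'EOF'
constructed access line
EOF
    echo "$d"
}

DEMO=$(make_demo)
echo "DEBUG enabled in:";       find_dbi_debug "$DEMO/conf"
echo "Logs holding passwords:"; logs_with_connects "$DEMO/logs"
echo "Lines to scrub: $(count_connect_lines "$DEMO/logs/http-error.log")"
```

Logs that the second function lists still hold the password after the debug setting is removed, so the database credential should be rotated as well.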

This sure sounds like an issue with Apache::DBI. What happens
if you try RT without Apache::DBI?

I tried without Apache::DBI and now it’s OK. Are there any bad things about
not running RT with Apache::DBI?

// Jens