Initial data load fails on PostgreSQL: pg_stat_statements activated db settings opens a vulnerability

search cancel

Initial data load fails on PostgreSQL: pg_stat_statements activated db settings opens a vulnerability

book

Article ID: 366702

calendar_today

Updated On:

Products

CA Automic Workload Automation - Automation Engine

Issue/Introduction

One Automation (on-premise or AAKE) on PostgreSQL requires pg_stat_statements to be activated. This opens a vulnerability: The password of the created user can appear in cleartext in logs.

Case 1: pg_stat_statements.track_utility off

Follow up of Initial data load fails on PostgreSQL: pg_stat_statements activated db settings opens a vulnerability. The password is returned in cleartext..

Environment

AAKE any version

Cause

This is a property that comes with activation of the pg_stat_statements module.

This activation of this module is mandatory for the AAKE deployment.

Resolution

This behavior has been changed in the release 21.0.10 of AAKE.

In version 21.0.10, the activation of pg_stat_statements will no longer be mandatory, but only recommended by Broadcom.

Additional Information

R&D ticket

ID: AE-35204

Title: Follow up of Initial data load fails on PostgreSQL: pg_stat_statements activated db settings opens a vulnerability

Feedback

thumb_up Yes

thumb_down No