Filesystem security includes the log files. You should keep the log contents secret. You don't want to expose table data by exposing the log files because they contain statements that include data values. In particular you don't want to expose account passwords that are included in statements such as CREATE USER or SET PASSWORD. To keep your log files secure, follow the data directory protection procedures outlined in Section 35.3, "Filesystem Security." Log exposure constitutes a security risk that must be addressed by protecting the log files, but logs also play a role in enhancing security. Certain logs, if enabled, provide data security or information that is useful in the event of attack:
|