Re: Row data is reflected in DETAIL message when constraints fail on insert/update

From: Ravi Krishna <ravikrishna(at)mail(dot)com>
To: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Cc: Karsten Hilbert <Karsten(dot)Hilbert(at)gmx(dot)net>, PG <pgsql-general(at)lists(dot)postgresql(dot)org>
Subject: Re: Row data is reflected in DETAIL message when constraints fail on insert/update
Date: 2019-06-20 16:42:16
Message-ID: 9B4574FD-05FA-40CE-A5DB-3820B4E73C75@mail.com
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-general

> More generally: I find this complaint a little confusing. We did not
> consider reporting the "show row contents" DETAIL to the client to be a
> security hazard when it was added, because one would think that that's
> just data that the client already knows anyway. I'd be interested to see
> a plausible use-case in which the message would reflect PII that had not
> been supplied by or available to the client.

I had the same issue in pgaudit which was spilling PHI data in PG logs which we
were feeding to sumologic. I had to write a python masking program to strip out
literal values from the PG log.

In response to

Browse pgsql-general by date

  From Date Subject
Next Message Adrian Klaver 2019-06-20 17:09:43 Re: Detaching multiple partitions in 1 ALTER TABLE statement
Previous Message Tom Lane 2019-06-20 16:27:42 Re: Row data is reflected in DETAIL message when constraints fail on insert/update