From: | Adrian Klaver <adrian(dot)klaver(at)aklaver(dot)com> |
---|---|
To: | Shay Rojansky <roji(at)roji(dot)org> |
Cc: | William Denton <wdenton(at)gmail(dot)com>, pgsql-general(at)postgresql(dot)org |
Subject: | Re: Row data is reflected in DETAIL message when constraints fail on insert/update |
Date: | 2019-06-20 14:12:44 |
Message-ID: | 9ad9c755-09f8-e77d-ceb9-fe6f07790ebd@aklaver.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-general |
On 6/20/19 4:26 AM, Shay Rojansky wrote:
> Shay here, maintainer of the Npgsql driver for .NET.
>
> >> Is there a setting where i can disable the DETAIL field being populated
> >> with row data?
> >
> > See:
> >
> >
> https://www.postgresql.org/docs/11/runtime-config-logging.html#RUNTIME-CONFIG-LOGGING-WHAT
> >
> > log_error_verbosity
>
> While this is helpful, this does not seem to quite fit:
>
> 1. As this is about personal sensitive data (including conceivably
> authentication information), the fact that the default is to log seems
> problematic.
> 2. The TERSE setting also disables HINT, QUERY and CONTEXT.
> 3. There may be other information sent in the DETAIL messages which does
> not contain sensitive data. There's no reason to have that disabled
> along with the sensitive data.
>
> In other words, this isn't about verbosity, but about sensitive data.
> It seems like a specific knob for sensitive information may be required,
> which would be off by default and would potentially affect other fields
> as well (if relevant).
As Karsten said that is beyond the scope of the Postgres logging. The
prudent thing would be to prevent the log information reaching the
application logs. Or put it a log that can only be seen by authorized
personnel.
--
Adrian Klaver
adrian(dot)klaver(at)aklaver(dot)com
From | Date | Subject | |
---|---|---|---|
Next Message | Ben Hood | 2019-06-20 14:19:48 | Detaching multiple partitions in 1 ALTER TABLE statement |
Previous Message | Karsten Hilbert | 2019-06-20 11:45:27 | Re: Row data is reflected in DETAIL message when constraints fail on insert/update |