Re: Row data is reflected in DETAIL message when constraints fail on insert/update

From: Adrian Klaver <adrian(dot)klaver(at)aklaver(dot)com>
To: William Denton <wdenton(at)gmail(dot)com>, pgsql-general(at)postgresql(dot)org
Subject: Re: Row data is reflected in DETAIL message when constraints fail on insert/update
Date: 2019-06-20 04:13:38
Message-ID: b2afcfd3-a2c2-9bdc-3e62-a28392f0b8f6@aklaver.com
Lists: pgsql-general

On 6/19/19 8:56 PM, William Denton wrote:
> When inserting or updating a row with not null constraints that are not
> satisfied, postgres reflects the values in the row in the error DETAIL.
>
> postgres=# create database test;
> CREATE DATABASE
> postgres=# \c test;
> psql (11.1 (Debian 11.1-3.pgdg90+1), server 11.2)
> You are now connected to database "test" as user "postgres".
> test=# create table person (firstname text not null, lastname text not
> null, email text not null);
> CREATE TABLE
> test=# insert into person values ('william', 'denton', null);
> ERROR:  null value in column "email" violates not-null constraint
> DETAIL:  Failing row contains (william, denton, null).
> test=# insert into person values ('william', 'denton', 'email(at)example(dot)com');
> INSERT 0 1
> test=# update person set email = null;
> ERROR:  null value in column "email" violates not-null constraint
> DETAIL:  Failing row contains (william, denton, null).
> test=#
>
> Is there a setting where I can disable the DETAIL field being populated
> with row data?

See:

https://www.postgresql.org/docs/11/runtime-config-logging.html#RUNTIME-CONFIG-LOGGING-WHAT

log_error_verbosity

>
> Currently sensitive data (PII in the case illustrated above) is being
> leaked by the database engine and relayed up into my application where
> it finds its way into application logs.
>
> I have also opened a GitHub issue with Npgsql to see if it's possible to
> suppress this DETAIL field in exceptions, but it seems this is an issue
> that all DB drivers/clients will face.
> https://github.com/npgsql/npgsql/issues/2501
>
> Being able to reflect out the data on a row without doing a select may
> be a security issue as well.
>
> Thank you!

--
Adrian Klaver
adrian(dot)klaver(at)aklaver(dot)com
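
The application-log leak described in the quoted message can also be contained at the logging layer. The following is an added example, not code from the thread or from PostgreSQL or Npgsql: it assumes an application that logs through Python's standard logging module, and the names scrub, PgDetailFilter and demo are hypothetical. It goes beyond the not-null case in the thread by also covering the "Key (...)=(...)" DETAIL text of unique and foreign-key violations.

```python
import io
import logging
import re

# DETAIL forms in which PostgreSQL echoes column values. The first is the one
# shown in the thread. Greedy matching over-redacts on purpose.
_PATTERNS = [
    (re.compile(r"(Failing row contains )\(.*\)\.", re.DOTALL),
     r"\1([REDACTED])."),
    (re.compile(r"(Key \([^)]*\)=)\(.*\)( (?:already exists|is not present"
                r"|is still referenced))", re.DOTALL), r"\1([REDACTED])\2"),
]

# Constructed sample: the error text from the psql session in the thread.
SAMPLE = ('ERROR:  null value in column "email" violates not-null constraint\n'
          "DETAIL:  Failing row contains (william, denton, null).")


def scrub(text: str) -> str:
    """Return text with row values removed from PostgreSQL DETAIL strings."""
    for pattern, replacement in _PATTERNS:
        text = pattern.sub(replacement, text)
    return text


class PgDetailFilter(logging.Filter):
    """Scrub the message and pre-fill exc_text so the formatter reuses it."""

    def filter(self, record: logging.LogRecord) -> bool:
        record.msg, record.args = scrub(record.getMessage()), None
        if record.exc_info:
            raw = logging.Formatter().formatException(record.exc_info)
            record.exc_text = scrub(raw)
        return True


def demo() -> str:
    """Log a driver-style exception through the filter; return the output."""
    buf = io.StringIO()
    handler = logging.StreamHandler(buf)
    handler.addFilter(PgDetailFilter())
    log = logging.getLogger("pgdemo")
    log.addHandler(handler)
    try:
        raise RuntimeError(SAMPLE)  # stands in for the driver's exception
    except RuntimeError:
        log.exception("insert failed")
    log.removeHandler(handler)
    return buf.getvalue()
```

Attach the filter to every handler that writes to a persistent sink; a filter on a logger alone does not see records propagated from child loggers.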
