https://www.npgsql.org/doc/connection-string-parameters.html
Include Error Detail - When enabled, PostgreSQL error and notice details are included on PostgresException.Detail and PostgresNotice.Detail. These can contain sensitive data.
If I provide the "Include Error Detail=True" in the connection stringg to PostgreSQL, what sensitive data do I need to be concerned about? If the query itself is returned in an exception or error message, that is fine by me, but if say the connection password were returned in plaintext obviously that would be bad. What sensitive data is conditionally included in errors based on this parameter?
CodePudding user response:
These messages include no sensitive data that the database user should not see. So I wouldn't worry, unless perhaps you show the information to the application user rather than logging them. Your database user may have access to information that the application user shouldn't see.