Home > OS >  PostgreSQL - "Include Error Detail" connection string parameter - how sensitive is the inf
PostgreSQL - "Include Error Detail" connection string parameter - how sensitive is the inf

Time:10-21

https://www.npgsql.org/doc/connection-string-parameters.html

Include Error Detail - When enabled, PostgreSQL error and notice details are included on PostgresException.Detail and PostgresNotice.Detail. These can contain sensitive data.

If I provide the "Include Error Detail=True" in the connection stringg to PostgreSQL, what sensitive data do I need to be concerned about? If the query itself is returned in an exception or error message, that is fine by me, but if say the connection password were returned in plaintext obviously that would be bad. What sensitive data is conditionally included in errors based on this parameter?

CodePudding user response:

These messages include no sensitive data that the database user should not see. So I wouldn't worry, unless perhaps you show the information to the application user rather than logging them. Your database user may have access to information that the application user shouldn't see.

Page link:https//www.codepudding.com/os/583266.html

Prev:Filter exact date/time in postgresql
Next:How to install Timescaledb-toolkit extension on Windows server
  • Related

About Us:  Contact Us      Terms of Service       Privacy Policy

Copyright © 2010-2023,Powered By CodePudding