| From: | Julien Rouhaud <rjuju123(at)gmail(dot)com> |
|---|---|
| To: | Bharath Rupireddy <bharath(dot)rupireddyforpostgres(at)gmail(dot)com> |
| Cc: | PostgreSQL Hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org> |
| Subject: | Re: Emit postgres log messages that have security or PII with special flags/error code/elevel |
| Date: | 2022-06-27 15:34:13 |
| Message-ID: | 20220627153413.6ylpozwmqq3nvujc@jrouhaud |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Hi,
On Mon, Jun 27, 2022 at 06:41:21PM +0530, Bharath Rupireddy wrote:
>
> Here's an idea - what if postgres can emit log messages that have sensitive
> information with special error codes or flags? The emit_log_hook
> implementers will then just need to look for those special error codes or
> flags to treat them differently.
This has been discussed multiple times in the past, and always rejected. The
main reason for that is that it's impossible to accurately determine whether a
message contains sensitive information or not, and if it were there wouldn't be
a single definition that would fit everyone.
As a simple example, how would you handle the log emitted by this query?
ALTERR OLE myuser WITH PASSWORD 'my super secret password';
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Alvaro Herrera | 2022-06-27 15:37:39 | Re: Lazy JIT IR code generation to increase JIT speed with partitions |
| Previous Message | Jacob Champion | 2022-06-27 15:33:19 | [Commitfest 2022-07] Begins This Friday |