| From: | Zsolt Parragi <zsolt(dot)parragi(at)percona(dot)com> |
|---|---|
| To: | PostgreSQL Hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org>, Jacob Champion <jacob(dot)champion(at)enterprisedb(dot)com> |
| Subject: | Re: Add explicit warnings about unsafe OAuth trace output for libpq |
| Date: | 2026-06-13 19:34:57 |
| Message-ID: | CAN4CZFNP9+UxPk861mbdG+q=Q__fR2UVvTdc_654w7S9WCQ9Dw@mail.gmail.com |
| Lists: | pgsql-hackers |
Hello
I have re-attached the same patches with simplified commit messages,
and I also marked the PG18 version with nocfbot so the master version
can apply correctly.
On Tue, Apr 7, 2026 at 7:28 PM Zsolt Parragi <zsolt(dot)parragi(at)percona(dot)com> wrote:
>
> Hello
>
> This is based on earlier messages in the thread about OAUTHDEBUG splitting[1]:
>
> >> With the same logic, shouldn't we print a very visible warning when
> >> somebody enables trace? Since it's a long output, maybe to both the
> >> beginning and end of the flow?
> >
> > I'm more than happy to strengthen this as well, but let's kick that
> > out to its own thread, especially if pieces are backpatchable.
>
> The documentation already mentions that this option is unsafe because
> it prints out the HTTP traffic as-is, including secrets, but the
> output itself lacks a warning about it.
>
> Because the output is long, users might not notice that copy-pasting
> it or saving it to disk will share sensitive information. To increase
> visibility, this patch adds a warning to both the beginning and the
> end of the output.
>
> I also attached a version for 18, since this seems to be a useful
> change to backport. With the recent changes this is slightly different
> on 19.
>
> [1]: https://www.postgresql.org/message-id/CAOYmi%2Bkfw76zPa-tZPNs4KjxwthGLkQfpGyoKzMMy8_oNJz4DQ%40mail.gmail.com
| Attachment | Content-Type | Size |
|---|---|---|
| rel18-0001-libpq-oauth-Warn-when-PGOAUTHDEBUG-trace-may-expose-.nocfbot.patch | application/octet-stream | 1.5 KB |
| 0001-libpq-oauth-Warn-when-PGOAUTHDEBUG-trace-may-expose-.patch | application/octet-stream | 1.6 KB |