| From: | Zsolt Parragi <zsolt(dot)parragi(at)percona(dot)com> |
|---|---|
| To: | PostgreSQL Hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org>, Jacob Champion <jacob(dot)champion(at)enterprisedb(dot)com> |
| Subject: | Add explicit warnings about unsafe OAuth trace output for libpq |
| Date: | 2026-04-07 18:28:39 |
| Message-ID: | CAN4CZFOUG9csxguH_+cz=nQ8HQVKLcVvr=qJSbga+tj-3FZhLA@mail.gmail.com |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Hello
This is based on earlier messages in the thread about OAUTHDEBUG splitting[1]:
>> With the same logic, shouldn't we print a very visible warning when
>> somebody enables trace? Since it's a long output, maybe to both the
>> beginning and end of the flow?
>
> I'm more than happy to strengthen this as well, but let's kick that
> out to its own thread, especially if pieces are backpatchable.
The documentation already mentions that this option is unsafe because
it prints out the HTTP traffic as-is, including secrets, but the
output itself lacks a warning about it.
Because the output is long, users might not notice that copy-pasting
it or saving it to disk will share sensitive information. To increase
visibility, this patch adds a warning to both the beginning and the
end of the output.
I also attached a version for 18, since this seems to be a useful
change to backport. With the recent changes this is slightly different
on 19.
| Attachment | Content-Type | Size |
|---|---|---|
| rel18-0001-libpq-oauth-Warn-when-PGOAUTHDEBUG-trace-may-expose-.patch | application/octet-stream | 2.2 KB |
| 0001-libpq-oauth-Warn-when-PGOAUTHDEBUG-trace-may-expose-.patch | application/octet-stream | 2.4 KB |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2026-04-07 18:57:40 | Re: domain for WITHOUT OVERLAPS |
| Previous Message | Lukas Fittl | 2026-04-07 18:24:20 | Re: Reduce timing overhead of EXPLAIN ANALYZE using rdtsc? |