Home > mailing lists

Re: Emit postgres log messages that have security or PII with special flags/error code/elevel - Mailing list pgsql-hackers

From	Julien Rouhaud
Subject	Re: Emit postgres log messages that have security or PII with special flags/error code/elevel
Date	June 27, 2022 18:34:13
Msg-id	20220627153413.6ylpozwmqq3nvujc@jrouhaud Whole thread Raw
In response to	Emit postgres log messages that have security or PII with special flags/error code/elevel (Bharath Rupireddy <bharath.rupireddyforpostgres@gmail.com>)
List	pgsql-hackers

Tree view

Hi,

On Mon, Jun 27, 2022 at 06:41:21PM +0530, Bharath Rupireddy wrote:
>
> Here's an idea - what if postgres can emit log messages that have sensitive
> information with special error codes or flags? The emit_log_hook
> implementers will then just need to look for those special error codes or
> flags to treat them differently.

This has been discussed multiple times in the past, and always rejected.  The
main reason for that is that it's impossible to accurately determine whether a
message contains sensitive information or not, and if it were there wouldn't be
a single definition that would fit everyone.

As a simple example, how would you handle the log emitted by this query?

ALTERR OLE myuser WITH PASSWORD 'my super secret password';

pgsql-hackers by date:

From: Jacob Champion
Date: 27 June 2022, 18:33:19
Subject: [Commitfest 2022-07] Begins This Friday

From: Alvaro Herrera
Date: 27 June 2022, 18:37:39
Subject: Re: Lazy JIT IR code generation to increase JIT speed with partitions

Re: Emit postgres log messages that have security or PII with special flags/error code/elevel - Mailing list pgsql-hackers

Previous

Next