On 6/20/19 4:26 AM, Shay Rojansky wrote:
> Shay here, maintainer of the Npgsql driver for .NET.
>
> >> Is there a setting where i can disable the DETAIL field being populated
> >> with row data?
> >
> > See:
> >
> >
> https://www.postgresql.org/docs/11/runtime-config-logging.html#RUNTIME-CONFIG-LOGGING-WHAT
> >
> > log_error_verbosity
>
> While this is helpful, this does not seem to quite fit:
>
> 1. As this is about personal sensitive data (including conceivably
> authentication information), the fact that the default is to log seems
> problematic.
> 2. The TERSE setting also disables HINT, QUERY and CONTEXT.
> 3. There may be other information sent in the DETAIL messages which does
> not contain sensitive data. There's no reason to have that disabled
> along with the sensitive data.
>
> In other words, this isn't about verbosity, but about sensitive data.
> It seems like a specific knob for sensitive information may be required,
> which would be off by default and would potentially affect other fields
> as well (if relevant).
As Karsten said that is beyond the scope of the Postgres logging. The
prudent thing would be to prevent the log information reaching the
application logs. Or put it a log that can only be seen by authorized
personnel.
--
Adrian Klaver
adrian.klaver@aklaver.com
