On 6/20/19 4:26 AM, Shay Rojansky wrote:
Shay here, maintainer of the Npgsql driver for .NET.
>> Is there a setting where i can disable the DETAIL field being populated
>> with row data?
>
> See:
>
>
https://www.postgresql.org/docs/11/runtime-config-logging.html#RUNTIME-CONFIG-LOGGING-WHAT
>
> log_error_verbosity
While this is helpful, this does not seem to quite fit:
1. As this is about personal sensitive data (including conceivably
authentication information), the fact that the default is to log seems
problematic.
2. The TERSE setting also disables HINT, QUERY and CONTEXT.
3. There may be other information sent in the DETAIL messages which does
not contain sensitive data. There's no reason to have that disabled
along with the sensitive data.
In other words, this isn't about verbosity, but about sensitive data.
It seems like a specific knob for sensitive information may be required,
which would be off by default and would potentially affect other fields
as well (if relevant).
As Karsten said that is beyond the scope of the Postgres logging. The
prudent thing would be to prevent the log information reaching the
application logs. Or put it a log that can only be seen by authorized
personnel.
--
Adrian Klaver
adrian.klaver@xxxxxxxxxxx
