Karsten Hilbert <Karsten.Hilbert@xxxxxxx> writes: > On Thu, Jun 20, 2019 at 01:26:23PM +0200, Shay Rojansky wrote: >> In other words, this isn't about verbosity, but about sensitive data. It >> seems like a specific knob for sensitive information may be required, which >> would be off by default and would potentially affect other fields as well >> (if relevant). > A specifig knob for "sensitive data" cannot be supplied by > PostgreSQL because it cannot know beforehand what information > will be considered sensitive under a given, future, usage > scenario. Yeah, it's fairly hard to see how we could respond to this complaint without lobotomizing our error messages to the point of near uselessness. Almost any non-constant text in an error report could possibly be seen as hazardous. More generally: I find this complaint a little confusing. We did not consider reporting the "show row contents" DETAIL to the client to be a security hazard when it was added, because one would think that that's just data that the client already knows anyway. I'd be interested to see a plausible use-case in which the message would reflect PII that had not been supplied by or available to the client. regards, tom lane
