pgjdbc/pgjdbc GitHub issues and pull requests (mirror)
help / color / mirror / Atom feed[pgjdbc/pgjdbc] issue #3050: Default driver settings can result in PII leakage
7+ messages / 5 participants
[nested] [flat]
* [pgjdbc/pgjdbc] issue #3050: Default driver settings can result in PII leakage
@ 2023-12-02 14:51 "ul84222 (@ul84222)" <[email protected]>
0 siblings, 0 replies; 7+ messages in thread
From: ul84222 (@ul84222) @ 2023-12-02 14:51 UTC (permalink / raw)
To: pgjdbc/pgjdbc <[email protected]>
**Describe the issue**
Default driver settings can result in PII leakage. It brings some compliance risks to the driver users (especially Healthcare and FinTech sectors).
**How?**
The exception messages might contain `PreparedStatement` parameter values which might result PII leakage because the exceptions are usually logged and the log storages usually are not capable of storing PII,PHI.
**To Reproduce**
```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.SQLException;
import java.util.Properties;
public class Example {
public static void main(String []args) throws Exception {
String url = "jdbc:postgresql://localhost:5432/test";
Properties props = new Properties();
props.setProperty("user", "test");
props.setProperty("password", "test");
Connection connection = DriverManager.getConnection(url, props);
try (var statement = connection.createStatement()) {
statement.executeUpdate("CREATE TABLE IF NOT EXISTS pii_leakage_example(id TEXT PRIMARY KEY)");
}
try (var ps = connection.prepareStatement("INSERT INTO pii_leakage_example VALUES(?)")) {
ps.setString(1, "PII DATA");
ps.addBatch();
ps.setString(1, "PII DATA");
ps.addBatch();
ps.executeBatch();
} catch (SQLException ex) {
// The exception will most likely be logged. As it contains the parameter value it might be considered as PII leakage.
//
// Output:
// Batch entry 0 INSERT INTO pii_leakage_example VALUES('PII DATA') was aborted: ERROR: duplicate key value violates unique constraint "pii_leakage_example_pkey"
// Detail: Key (id)=(PII DATA) already exists. Call getNextException to see other errors in the batch.
System.out.println(">>> " + ex.getMessage() + " <<<");
}
}
}
```
**Expected behaviour**
- Exception message does not contain prepared statement parameter values.
Probably we misinterpreted `logServerErrorDetail` parameter in https://github.com/pgjdbc/pgjdbc/issues/2147.
- If we do, I assume we should not log parameter values at all;
- If we do not, it would be nice to have the default value as `false`.
^ permalink raw reply [nested|flat] 7+ messages in thread
* Re: [pgjdbc/pgjdbc] issue #3050: Default driver settings can result in PII leakage
@ 2023-12-02 15:06 ` "vlsi (@vlsi)" <[email protected]>
5 siblings, 0 replies; 7+ messages in thread
From: vlsi (@vlsi) @ 2023-12-02 15:06 UTC (permalink / raw)
To: pgjdbc/pgjdbc <[email protected]>
Applications should log the exceptions properly. I think it is not an issue from the driver perspective. It would be great if you can link a guideline for drivers.
^ permalink raw reply [nested|flat] 7+ messages in thread
* Re: [pgjdbc/pgjdbc] issue #3050: Default driver settings can result in PII leakage
@ 2025-04-09 17:14 ` "AllanBoydCA (@AllanBoydCA)" <[email protected]>
5 siblings, 0 replies; 7+ messages in thread
From: AllanBoydCA (@AllanBoydCA) @ 2025-04-09 17:14 UTC (permalink / raw)
To: pgjdbc/pgjdbc <[email protected]>
Hi. This is quite an old ticket now but is perhaps an opportunity to improve ybJDBC by reducing risk of PII leakage. With logServerErrorDetail defaulting to true, it can result in leaked PII unless the client is aware of the default setting and takes steps to set it to false. Thanks @vlsi for responding to the initial request. Could you elaborate on what you meant by "Applications should log the exceptions properly"?
^ permalink raw reply [nested|flat] 7+ messages in thread
* Re: [pgjdbc/pgjdbc] issue #3050: Default driver settings can result in PII leakage
@ 2025-04-09 17:44 ` "vlsi (@vlsi)" <[email protected]>
5 siblings, 0 replies; 7+ messages in thread
From: vlsi (@vlsi) @ 2025-04-09 17:44 UTC (permalink / raw)
To: pgjdbc/pgjdbc <[email protected]>
@AllanBoydCA , I mean that the driver itself does not log the exception. The following code in the issue description is out of pgjdbc's control: `System.out.println(">>> " + ex.getMessage() + " <<<");`
^ permalink raw reply [nested|flat] 7+ messages in thread
* Re: [pgjdbc/pgjdbc] issue #3050: Default driver settings can result in PII leakage
@ 2025-04-09 18:07 ` "AllanBoydCA (@AllanBoydCA)" <[email protected]>
5 siblings, 0 replies; 7+ messages in thread
From: AllanBoydCA (@AllanBoydCA) @ 2025-04-09 18:07 UTC (permalink / raw)
To: pgjdbc/pgjdbc <[email protected]>
Thanks for the quick response @vlsi and clarification. I see what you mean.
pgJDBC driver is (obviously) a JDBC driver :), which I guess can be plugged into lots of other libraries since it's standard JDBC. Is that right? If so, then the application might be a bit far away from handling the exception sometimes. It might be that the exception is logged by a 3rd party configured to use pgJDBC e.g. [HikariCP](https://github.com/brettwooldridge/HikariCP).
It's true what you say that use of ex.getMessage() is out of pgJDBC control. Would you disagree that by having logServerErrorDetail default to true, it is generally more likely that PII is leaked?
It may be the case of course that there are pgJDBC clients who rely logServerErrorDetail defaulting to true so I can imagine their might be reluctance to change the default setting.
^ permalink raw reply [nested|flat] 7+ messages in thread
* Re: [pgjdbc/pgjdbc] issue #3050: Default driver settings can result in PII leakage
@ 2026-05-25 19:37 ` "ahus1 (@ahus1)" <[email protected]>
5 siblings, 0 replies; 7+ messages in thread
From: ahus1 (@ahus1) @ 2026-05-25 19:37 UTC (permalink / raw)
To: pgjdbc/pgjdbc <[email protected]>
Let's collect up-votes for this one to change the default - I added mine at the top description. Unforatunately, it was the only one so far.
The EU published a law as "Cyber Resilience Act", which requests "secure by default" configurations (see [Annex I](https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=OJ:L_202402847#anx_I)). So everything that is not secure-by-default could be considered a bug. So with secure-by-default, this would require all users to switch this to `false` to prevent leaking PII and other sensitive data to the logs, or the driver to defaulting to `false`.
^ permalink raw reply [nested|flat] 7+ messages in thread
* Re: [pgjdbc/pgjdbc] issue #3050: Default driver settings can result in PII leakage
@ 2026-05-26 10:16 ` "davecramer (@davecramer)" <[email protected]>
5 siblings, 0 replies; 7+ messages in thread
From: davecramer (@davecramer) @ 2026-05-26 10:16 UTC (permalink / raw)
To: pgjdbc/pgjdbc <[email protected]>
I see no reason not to change it to default to false.
^ permalink raw reply [nested|flat] 7+ messages in thread
end of thread, other threads:[~2026-05-26 10:16 UTC | newest]
Thread overview: 7+ messages (download: mbox mbox.gz follow: Atom feed)
-- links below jump to the message on this page --
2023-12-02 14:51 [pgjdbc/pgjdbc] issue #3050: Default driver settings can result in PII leakage "ul84222 (@ul84222)" <[email protected]>
2023-12-02 15:06 ` "vlsi (@vlsi)" <[email protected]>
2025-04-09 17:14 ` "AllanBoydCA (@AllanBoydCA)" <[email protected]>
2025-04-09 17:44 ` "vlsi (@vlsi)" <[email protected]>
2025-04-09 18:07 ` "AllanBoydCA (@AllanBoydCA)" <[email protected]>
2026-05-25 19:37 ` "ahus1 (@ahus1)" <[email protected]>
2026-05-26 10:16 ` "davecramer (@davecramer)" <[email protected]>
This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox