pgjdbc/pgjdbc GitHub issues and pull requests (mirror)
help / color / mirror / Atom feedFrom: AllanBoydCA (@AllanBoydCA) <[email protected]>
To: pgjdbc/pgjdbc <[email protected]>
Subject: Re: [pgjdbc/pgjdbc] issue #3050: Default driver settings can result in PII leakage
Date: Wed, 09 Apr 2025 18:07:39 +0000
Message-ID: <[email protected]> (raw)
In-Reply-To: <[email protected]>
References: <[email protected]>
Thanks for the quick response @vlsi and clarification. I see what you mean.
pgJDBC driver is (obviously) a JDBC driver :), which I guess can be plugged into lots of other libraries since it's standard JDBC. Is that right? If so, then the application might be a bit far away from handling the exception sometimes. It might be that the exception is logged by a 3rd party configured to use pgJDBC e.g. [HikariCP](https://github.com/brettwooldridge/HikariCP).
It's true what you say that use of ex.getMessage() is out of pgJDBC control. Would you disagree that by having logServerErrorDetail default to true, it is generally more likely that PII is leaked?
It may be the case of course that there are pgJDBC clients who rely logServerErrorDetail defaulting to true so I can imagine their might be reluctance to change the default setting.
view thread (7+ messages) latest in thread
reply
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Reply to all the recipients using the --to and --cc options:
reply via email
To: github://pgjdbc/pgjdbc
Cc: [email protected], [email protected]
Subject: Re: [pgjdbc/pgjdbc] issue #3050: Default driver settings can result in PII leakage
In-Reply-To: <<[email protected]>>
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox