[pgjdbc/pgjdbc] issue #3050: Default driver settings can result in PII leakage

pgjdbc/pgjdbc GitHub issues and pull requests (mirror)  
help / color / mirror / Atom feed

From: ul84222 (@ul84222) <[email protected]>
To: pgjdbc/pgjdbc <[email protected]>
Subject: [pgjdbc/pgjdbc] issue #3050: Default driver settings can result in PII leakage
Date: Sat, 02 Dec 2023 14:51:25 +0000
Message-ID: <[email protected]> (raw)

**Describe the issue**

Default driver settings can result in PII leakage. It brings some compliance risks to the driver users (especially Healthcare and FinTech sectors).

**How?**
The exception messages might contain `PreparedStatement` parameter values which might result PII leakage because the exceptions are usually logged and the log storages usually are not capable of storing PII,PHI.

**To Reproduce**
```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.SQLException;
import java.util.Properties;

public class Example {
    public static void main(String []args) throws Exception {
         String url = "jdbc:postgresql://localhost:5432/test";

         Properties props = new Properties();
         props.setProperty("user", "test");
         props.setProperty("password", "test");
        
         Connection connection = DriverManager.getConnection(url, props);

         try (var statement = connection.createStatement()) {
             statement.executeUpdate("CREATE TABLE IF NOT EXISTS pii_leakage_example(id TEXT PRIMARY KEY)");
         }

         try (var ps = connection.prepareStatement("INSERT INTO pii_leakage_example VALUES(?)")) {
             ps.setString(1, "PII DATA");
             ps.addBatch();

             ps.setString(1, "PII DATA");
             ps.addBatch();
             ps.executeBatch();
         } catch (SQLException ex) {
             // The exception will most likely be logged. As it contains the parameter value it might be considered as PII leakage.
             //
             // Output:
             //  Batch entry 0 INSERT INTO pii_leakage_example VALUES('PII DATA') was aborted: ERROR: duplicate key value violates unique constraint "pii_leakage_example_pkey"
             //  Detail: Key (id)=(PII DATA) already exists.  Call getNextException to see other errors in the batch.
             System.out.println(">>> " + ex.getMessage() + " <<<");
         }
    }
}

```

**Expected behaviour**
-  Exception message does not contain prepared statement parameter values.

Probably we misinterpreted `logServerErrorDetail` parameter in https://github.com/pgjdbc/pgjdbc/issues/2147.

- If we do, I assume we should not log parameter values at all;
- If we do not, it would be nice to have the default value as `false`.

view thread (7+ messages)  latest in thread

reply

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Reply to all the recipients using the --to and --cc options:
  reply via email

  To: github://pgjdbc/pgjdbc
  Cc: [email protected], [email protected]
  Subject: Re: [pgjdbc/pgjdbc] issue #3050: Default driver settings can result in PII leakage
  In-Reply-To: <<[email protected]>>

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox