Message-ID:
From: "ul84222 (@ul84222)"
To: "pgjdbc/pgjdbc"
Date: Sat, 02 Dec 2023 14:51:25 +0000
Subject: [pgjdbc/pgjdbc] issue #3050: Default driver settings can result in PII leakage
List-Id:
X-GitHub-Author-Id: 126624479
X-GitHub-Author-Login: ul84222
X-GitHub-Issue: 3050
X-GitHub-Repo: pgjdbc/pgjdbc
X-GitHub-State: open
X-GitHub-Type: issue
X-GitHub-Url: https://github.com/pgjdbc/pgjdbc/issues/3050
Content-Type: text/plain; charset=utf-8

**Describe the issue**

Default driver settings can result in PII leakage. It brings some compliance risks to the driver users (especially Healthcare and FinTech sectors).

**How?**

The exception messages might contain `PreparedStatement` parameter values, which might result in PII leakage because the exceptions are usually logged and the log storages usually are not capable of storing PII, PHI.

**To Reproduce**

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.SQLException;
import java.util.Properties;

public class Example {
    public static void main(String[] args) throws Exception {
        String url = "jdbc:postgresql://localhost:5432/test";
        Properties props = new Properties();
        props.setProperty("user", "test");
        props.setProperty("password", "test");

        // try-with-resources closes the connection when the reproduction finishes.
        try (Connection connection = DriverManager.getConnection(url, props)) {
            try (var statement = connection.createStatement()) {
                statement.executeUpdate("CREATE TABLE IF NOT EXISTS pii_leakage_example(id TEXT PRIMARY KEY)");
            }

            try (var ps = connection.prepareStatement("INSERT INTO pii_leakage_example VALUES(?)")) {
                // The same key is added twice so the batch fails on the primary key.
                ps.setString(1, "PII DATA");
                ps.addBatch();
                ps.setString(1, "PII DATA");
                ps.addBatch();
                ps.executeBatch();
            } catch (SQLException ex) {
                // The exception will most likely be logged. As it contains the parameter value it might be considered as PII leakage.
                //
                // Output:
                // Batch entry 0 INSERT INTO pii_leakage_example VALUES('PII DATA') was aborted: ERROR: duplicate key value violates unique constraint "pii_leakage_example_pkey"
                // Detail: Key (id)=(PII DATA) already exists. Call getNextException to see other errors in the batch.
                System.out.println(">>> " + ex.getMessage() + " <<<");
            }
        }
    }
}
```

**Expected behaviour**

- Exception message does not contain prepared statement parameter values.

Probably we misinterpreted the `logServerErrorDetail` parameter in https://github.com/pgjdbc/pgjdbc/issues/2147.

- If we do, I assume we should not log parameter values at all;
- If we do not, it would be nice to have the default value as `false`.
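
One way for callers to keep bound values out of their logs whatever the driver settings are, as an added example that is not part of the original issue or of the pgjdbc code base: log only the SQLState and vendor code from the exception chain instead of `getMessage()`. The `SafeSqlLogging` class, the `safeSummary` helper and the exception objects built in `main` are constructed for illustration.

```java
import java.sql.BatchUpdateException;
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.List;

public class SafeSqlLogging {
    // Hypothetical helper: build a log line from SQLState and vendor code only,
    // never from getMessage(), which may embed bound parameter values.
    static String safeSummary(SQLException ex) {
        List<String> parts = new ArrayList<>();
        int depth = 0;
        // Walk the getNextException() chain that batch failures use, with a cap
        // so a malformed or cyclic chain cannot loop forever.
        for (SQLException e = ex; e != null && depth < 16; e = e.getNextException(), depth++) {
            parts.add(e.getClass().getSimpleName()
                    + "[sqlState=" + e.getSQLState()
                    + ", vendorCode=" + e.getErrorCode() + "]");
        }
        return String.join(" -> ", parts);
    }

    public static void main(String[] args) {
        // Constructed sample mirroring the message shape shown in the report.
        SQLException cause = new SQLException(
                "ERROR: duplicate key value violates unique constraint "
                + "\"pii_leakage_example_pkey\"\n  Detail: Key (id)=(PII DATA) already exists.",
                "23505");
        BatchUpdateException batch = new BatchUpdateException(
                "Batch entry 0 INSERT INTO pii_leakage_example VALUES('PII DATA') was aborted",
                "23505", new int[0]);
        batch.setNextException(cause);

        String line = safeSummary(batch);
        System.out.println(line);
        // Fail loudly if a parameter value ever reaches the log line.
        if (line.contains("PII DATA")) {
            throw new AssertionError("parameter value reached the log line");
        }
    }
}
```

The full message can still be routed to a restricted sink approved for PII/PHI if it is needed for debugging.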