public inbox for [email protected]
help / color / mirror / Atom feedFrom: Zsolt Parragi <[email protected]>
To: Jacob Champion <[email protected]>
Cc: PostgreSQL Hackers <[email protected]>
Subject: Re: [oauth] Split and extend PGOAUTHDEBUG
Date: Wed, 1 Apr 2026 22:12:58 +0100
Message-ID: <CAN4CZFOe5P9ZQbxKXJTnJYDF8bpnMGThyQw9QzCffTEZ=MqKvw@mail.gmail.com> (raw)
In-Reply-To: <CAOYmi+=865C93VegSzD9z4_uvutZwEZEUsS4P6jm3_i0paAMmA@mail.gmail.com>
References: <CAN4CZFMmDZMH56O9vb_g7vHqAk8ryWFxBMV19C39PFghENg8kA@mail.gmail.com>
<CAOYmi+k_et3yXpJ8op71-95j7OYg-kX5bWLgW9YTV_5G7f+O1A@mail.gmail.com>
<CAOYmi+kivcSnazEJA=KWknd3azGYnU3mMq9SUvht5Zq74qNcYQ@mail.gmail.com>
<CAN4CZFMKCB2OXPGW0R_hCSu4Gg==B7dBSrv6Mf-YuFcrUncADg@mail.gmail.com>
<CAOYmi+kCYZ3YiOu+oSv1gVW6LXQaNg4BcEpskYizWgfV1z12kA@mail.gmail.com>
<CAN4CZFPNL4xuNAwmD1-TUR-z+C84axb+cdhip26k3YBFYo9r1g@mail.gmail.com>
<CAOYmi+mN2OeFotwLKwwSDAuXHJ6xmrn3AtkUoHRcfAEENSFbMA@mail.gmail.com>
<CAOYmi+=865C93VegSzD9z4_uvutZwEZEUsS4P6jm3_i0paAMmA@mail.gmail.com>
> OAUTHDEBUG_LEGACY_UNSAFE?
That sounds better
> I think I'm missing something; how does the choice of .c/.h change
> things? There's no static tracking in v1 of the patchset
Eh, sorry about that, I was sure that I sent a version which handled
that to the list, but apparently I didn't. It didn't use
atomics/mutexes, so maybe it's better.
> `UNSAFE` is intended to be a weak defense against social engineering
> attacks. So these warnings need to be translated, if possible, and we
> should not provide instructions on how to defeat that defense.
With the same logic, shouldn't we print a very visible warning when
somebody enables trace? Since it's a long output, maybe to both the
beginning and end of the flow?
Attachments:
[application/octet-stream] nocfbot-tracewarning.diff (1.1K, 2-nocfbot-tracewarning.diff)
download | inline diff:
diff --git a/src/interfaces/libpq-oauth/oauth-curl.c b/src/interfaces/libpq-oauth/oauth-curl.c
index eb2fe35d0cc..ad8c8c4565b 100644
--- a/src/interfaces/libpq-oauth/oauth-curl.c
+++ b/src/interfaces/libpq-oauth/oauth-curl.c
@@ -3041,6 +3041,11 @@ pg_fe_run_oauth_flow(PGconn *conn, struct PGoauthBearerRequest *request,
actx->dbg_num_calls);
}
+ if ((actx->debug_flags & OAUTHDEBUG_UNSAFE_TRACE)
+ && (result == PGRES_POLLING_OK || result == PGRES_POLLING_FAILED))
+ fprintf(stderr,
+ libpq_gettext("WARNING: PGOAUTHDEBUG trace output above may contain secrets. Do not share with third parties.\n"));
+
#ifndef WIN32
if (masked)
{
@@ -3096,6 +3101,10 @@ pg_start_oauthbearer(PGconn *conn, PGoauthBearerRequestV2 *request)
/* Parse debug flags from the environment. */
actx->debug_flags = oauth_get_debug_flags();
+ if (actx->debug_flags & OAUTHDEBUG_UNSAFE_TRACE)
+ fprintf(stderr,
+ libpq_gettext("WARNING: PGOAUTHDEBUG trace is enabled. HTTP traffic (including secrets) will be logged.\n"));
+
initPQExpBuffer(&actx->work_data);
initPQExpBuffer(&actx->errbuf);
view thread (13+ messages) latest in thread
reply
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Reply to all the recipients using the --to and --cc options:
reply via email
To: [email protected]
Cc: [email protected], [email protected], [email protected]
Subject: Re: [oauth] Split and extend PGOAUTHDEBUG
In-Reply-To: <CAN4CZFOe5P9ZQbxKXJTnJYDF8bpnMGThyQw9QzCffTEZ=MqKvw@mail.gmail.com>
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox