Message-ID:
From: "omeuid (@omeuid)"
To: "postgresql-interfaces/psqlodbc"
Date: Mon, 07 Apr 2025 14:21:40 +0000
Subject: [postgresql-interfaces/psqlodbc] issue #101: Test connection always show password in log file.
List-Id:
X-GitHub-Author-Id: 6940566
X-GitHub-Author-Login: omeuid
X-GitHub-Issue: 101
X-GitHub-Repo: postgresql-interfaces/psqlodbc
X-GitHub-State: open
X-GitHub-Type: issue
X-GitHub-Url: https://github.com/postgresql-interfaces/psqlodbc/issues/101
Content-Type: text/plain; charset=utf-8

If you enable logging in a DSN, when you click on the 'Test connection' button, several log sentences include the connection string without hiding the password property.

In the `drvconn.c` file, the FORCE_PASSWORD_DISPLAY flag is defined:

```
#define	FORCE_PASSWORD_DISPLAY
#define	NULL_IF_NULL(a) (a ? a : "(NULL)")
```

So every time the flag is checked to determine if the password must be hidden, the connection string will not be hidden. I found the following three cases:

* In `PGAPI_DriverConnect` method:

```
#ifdef	FORCE_PASSWORD_DISPLAY
	MYLOG(0, "**** fDriverCompletion=%d, connStrIn='%s'\n", fDriverCompletion, connStrIn);
#else
	if (get_mylog())
	{
		char	*hide_str = hide_password(connStrIn);

		MYLOG(0, "**** fDriverCompletion=%d, connStrIn='%s'\n", fDriverCompletion, NULL_IF_NULL(hide_str));
		if (hide_str)
			free(hide_str);
	}
#endif	/* FORCE_PASSWORD_DISPLAY */
```

* Also, the following code appears in the same method:

```
#ifdef	FORCE_PASSWORD_DISPLAY
	if (cbConnStrOutMax > 0)
	{
		MYLOG(0, "szConnStrOut = '%s' len=" FORMAT_SSIZE_T ",%d\n", NULL_IF_NULL((char *) szConnStrOut), len, cbConnStrOutMax);
	}
#else
	if (get_mylog())
	{
		char	*hide_str = NULL;

		if (cbConnStrOutMax > 0)
			hide_str = hide_password(szConnStrOut);
		MYLOG(0, "szConnStrOut = '%s' len=%d,%d\n", NULL_IF_NULL(hide_str), len, cbConnStrOutMax);
		if (hide_str)
			free(hide_str);
	}
#endif	/* FORCE_PASSWORD_DISPLAY */
```

* And the last occurrence can be found in `dconn_get_attributes` method:

```
#ifdef	FORCE_PASSWORD_DISPLAY
	MYLOG(0, "our_connect_string = '%s'\n", our_connect_string);
#else
	if (get_mylog())
	{
		char	*hide_str = hide_password(our_connect_string);

		MYLOG(0, "our_connect_string = '%s'\n", hide_str);
		free(hide_str);
	}
#endif	/* FORCE_PASSWORD_DISPLAY */
```

I assume that this is not the expected behavior.

* Maybe the password could be shown only at a certain log level.

What do you think?

Regards,
Carlos
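
A sketch of the masking step that the `#else` branches quoted in the issue depend on, added here as an example; it is not code from the issue or from psqlodbc, and `mask_conn_password` is a hypothetical name rather than the driver's `hide_password()`. It assumes the secret is carried in a `PWD` or `Password` attribute (matched case-insensitively) and that values may use ODBC brace quoting, where `}}` stands for a literal `}`.

```c
#include <ctype.h>
#include <stdlib.h>
#include <string.h>

/* Case-insensitive match of the attribute name s[0..n) against key. */
static int key_is(const char *s, size_t n, const char *key)
{
    size_t i;

    for (i = 0; i < n && key[i]; i++)
        if (tolower((unsigned char) s[i]) != tolower((unsigned char) key[i]))
            return 0;
    return i == n && key[i] == '\0';
}

/* Hypothetical helper (not the driver's hide_password()): returns a malloc'ed
 * copy of conn_str with each PWD/Password value overwritten by 'x'.
 * Returns NULL for NULL input or allocation failure; caller frees. */
char *mask_conn_password(const char *conn_str)
{
    char *out, *p, *eq, *val, *end;
    size_t n;

    if (!conn_str || !(out = malloc(strlen(conn_str) + 1)))
        return NULL;
    strcpy(out, conn_str);
    for (p = out; *p; p = end)
    {
        p += strspn(p, "; \t");              /* separators before a name */
        eq = end = p + strcspn(p, "=;");
        if (*eq != '=')
            continue;                        /* token without a value */
        for (n = (size_t) (eq - p); n && p[n - 1] == ' '; n--)
            ;                                /* trim spaces before '=' */
        val = end = eq + 1;
        if (*val == '{')                     /* braced value may contain ';' */
            for (end = val + 1; *end; end++)
                if (*end == '}' && *++end != '}')
                    break;                   /* lone '}' closes; "}}" is escaped */
        end += strcspn(end, ";");            /* unterminated brace: runs to end */
        if (key_is(p, n, "PWD") || key_is(p, n, "Password"))
            memset(val, 'x', (size_t) (end - val));
    }
    return out;
}
```

An unterminated `{` in a password value masks everything up to the end of the string, so a malformed connection string fails closed instead of leaking its tail into the log.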