Message-ID: <gh-postgresql-interfaces-psqlodbc-184-c4450404315@github.com>
From: "jarvis24young (@jarvis24young)" <noreply+jarvis24young@github.com>
To: "postgresql-interfaces/psqlodbc" <noreply+postgresql-interfaces-psqlodbc@github.com>
Date: Thu, 14 May 2026 11:49:33 +0000
Subject: Re: [postgresql-interfaces/psqlodbc] PR #184: Redact sensitive connection parameters in logs
In-Reply-To: <gh-postgresql-interfaces-psqlodbc-184@github.com>
References: <gh-postgresql-interfaces-psqlodbc-184@github.com>
List-Id: <gh-postgresql-interfaces-psqlodbc.github.com>
X-GitHub-Author-Login: jarvis24young
X-GitHub-Comment-Id: 4450404315
X-GitHub-Comment-Type: issue_comment
X-GitHub-Issue: 184
X-GitHub-Repo: postgresql-interfaces/psqlodbc
X-GitHub-Type: comment
X-GitHub-Url: https://github.com/postgresql-interfaces/psqlodbc/pull/184#issuecomment-4450404315
Content-Type: text/plain; charset=utf-8

Thanks Dave. I narrowed the redaction list to password, passfile, sslpassword, and sslkey, so sslcert, sslrootcert, sslcrl, and sslcrldir remain visible in the expanded PQconnectdbParams log for SSL diagnostics. I kept the raw pqopt string fully redacted because it can contain arbitrary libpq parameters, including secrets, while the parsed parameter log still preserves non-sensitive values for troubleshooting. I believe this addresses your requested change; please let me know if you'd like anything else adjusted before merge.