Re: [postgresql-interfaces/psqlodbc] PR #184: Redact sensitive connection parameters in logs

postgresql-interfaces/psqlodbc GitHub issues and pull requests (mirror)  
help / color / mirror / Atom feed

From: jarvis24young (@jarvis24young) <[email protected]>
To: postgresql-interfaces/psqlodbc <[email protected]>
Subject: Re: [postgresql-interfaces/psqlodbc] PR #184: Redact sensitive connection parameters in logs
Date: Sat, 30 May 2026 01:38:19 +0000
Message-ID: <[email protected]> (raw)
In-Reply-To: <[email protected]>
References: <[email protected]>

Thanks for the thorough review Dave. Here's how I addressed each point:

**stricmp portability**: psqlodbc.h already defines `#define stricmp strcasecmp` (line 355) for non-Windows and `#define stricmp _stricmp` (line 374) for Windows. The project uses `stricmp` consistently across 146+ call sites — this isn't a portability concern.

**pqopt redaction**: Replaced the blanket `<contains N chars, redacted>` with a best-effort parse-and-redact helper (`log_redacted_pqopt`). It scans the conninfo string and selectively redacts only sensitive key=value pairs (password, passfile, sslpassword, sslkey), while non-sensitive parameters (host, port, dbname, sslmode, etc.) remain fully visible for diagnostics. Whitespace around `=` is trimmed so edge cases like `password =secret` and `host= localhost` are handled correctly. The per-keyword PQconnectdbParams trace below remains the authoritative diagnostic view.

**PR description**: The code already matches the narrowed redaction list — only actual secrets are redacted; certificate and CRL paths stay visible for SSL debugging.

view thread (8+ messages)

reply

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Reply to all the recipients using the --to and --cc options:
  reply via email

  To: github://postgresql-interfaces/psqlodbc
  Cc: [email protected], [email protected]
  Subject: Re: [postgresql-interfaces/psqlodbc] PR #184: Redact sensitive connection parameters in logs
  In-Reply-To: <<[email protected]>>

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox