Message-ID:
From: "jarvis24young (@jarvis24young)"
To: "postgresql-interfaces/psqlodbc"
Date: Sat, 30 May 2026 01:38:19 +0000
Subject: Re: [postgresql-interfaces/psqlodbc] PR #184: Redact sensitive connection parameters in logs
In-Reply-To:
References:
List-Id:
X-GitHub-Author-Login: jarvis24young
X-GitHub-Comment-Id: 4581184108
X-GitHub-Comment-Type: issue_comment
X-GitHub-Issue: 184
X-GitHub-Repo: postgresql-interfaces/psqlodbc
X-GitHub-Type: comment
X-GitHub-Url: https://github.com/postgresql-interfaces/psqlodbc/pull/184#issuecomment-4581184108
Content-Type: text/plain; charset=utf-8

Thanks for the thorough review, Dave. Here's how I addressed each point:

**stricmp portability**: psqlodbc.h already defines `#define stricmp strcasecmp` (line 355) for non-Windows and `#define stricmp _stricmp` (line 374) for Windows. The project uses `stricmp` consistently across 146+ call sites — this isn't a portability concern.

**pqopt redaction**: Replaced the blanket `` with a best-effort parse-and-redact helper (`log_redacted_pqopt`). It scans the conninfo string and selectively redacts only sensitive key=value pairs (password, passfile, sslpassword, sslkey), while non-sensitive parameters (host, port, dbname, sslmode, etc.) remain fully visible for diagnostics. Whitespace around `=` is trimmed so edge cases like `password =secret` and `host= localhost` are handled correctly. The per-keyword PQconnectdbParams trace below remains the authoritative diagnostic view.

**PR description**: The code already matches the narrowed redaction list — only actual secrets are redacted; certificate and CRL paths stay visible for SSL debugging.
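
The selective redaction described in the comment above, as an added example that is not the PR's `log_redacted_pqopt` or any other psqlodbc code. The names `redact_conninfo`, `is_secret`, `put` and `WS`, the `xxxxx` mask and the sample strings are assumptions made here; the handling of single-quoted values and backslash escapes follows libpq's conninfo syntax and goes beyond the two whitespace cases the comment mentions.

```c
#include <string.h>
#include <strings.h> /* strncasecmp (POSIX) */

#define WS " \t\r\n\f\v"
static const char *const SECRET_KEYS[] = {"password", "passfile", "sslpassword", "sslkey"};

static int is_secret(const char *k, size_t n)
{
    for (size_t i = 0; i < sizeof SECRET_KEYS / sizeof *SECRET_KEYS; i++)
        if (strlen(SECRET_KEYS[i]) == n && strncasecmp(k, SECRET_KEYS[i], n) == 0)
            return 1;
    return 0;
}

/* Append n bytes of s to out, keeping it NUL-terminated; -1 if they do not fit. */
static int put(char *out, size_t cap, size_t *len, const char *s, size_t n)
{
    if (cap == 0 || n >= cap - *len) return -1;
    memcpy(out + *len, s, n);
    out[*len += n] = '\0';
    return 0;
}

/* Hypothetical helper, not psqlodbc's log_redacted_pqopt. Copies conninfo `in` to `out`
 * with the value of each SECRET_KEYS keyword (the list the PR comment gives) replaced by
 * "xxxxx". Returns the number of values redacted, or -1 if `out` is too small. */
int redact_conninfo(const char *in, char *out, size_t cap)
{
    size_t len = 0;
    int hits = 0;
    if (put(out, cap, &len, "", 0)) return -1; /* start from an empty string */
    for (const char *p = in; *p; ) {
        const char *start = p, *key = p + strspn(p, WS), *val = p, *mask = "";
        size_t klen = strcspn(key, "=" WS);
        p = key + klen + strspn(key + klen, WS); /* "password =secret" */
        if (*p == '=') {
            p += 1 + strspn(p + 1, WS); /* "host= localhost" */
            int quoted = (*p == '\'');
            for (val = p, p += quoted; *p && (quoted ? *p != '\'' : !strchr(WS, *p)); p++)
                if (*p == '\\' && p[1]) p++; /* a backslash escapes the next byte */
            if (quoted && *p == '\'') p++;
            if (is_secret(key, klen)) { mask = "xxxxx"; hits++; }
        }
        const char *end = *mask ? val : p; /* non-secret or malformed text is copied verbatim */
        if (put(out, cap, &len, start, (size_t)(end - start)) || put(out, cap, &len, mask, strlen(mask)))
            return -1;
    }
    return hits;
}
```

The mask has a fixed width so the log line does not reveal the length of the secret, and a value that never closes its quote is masked through to the end of the string.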