Describe the feature
Provide the ability to hide the database password from logs/error messages. Perhaps as an additional field in gorm.Config, perhaps as an option within struct tags (@DOOduneye), or both.
Motivation
This would enhance security by preventing sensitive database passwords from being exposed in error messages. Currently, when an error occurs in database interactions, the password may inadvertently appear in error logs or messages, posing a potential security risk. Adding an additional field in gorm.Config to hide the database password will help mitigate this risk and improve overall system security.
Adding this as an option that defaults to hiding the password, then opting in to showing it will provide a guardrail for gorm users. Or at a more granular level with struct tags will help prevent inadvertent secret leaking.
Related Issues
See @ctholho's issue in postgres
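Until such an option exists, a caller can mask the password itself before an error reaches a log. The sketch below is an added example, not gorm's or the postgres driver's code: `Redact`, `secrets` and `mask` are hypothetical names, the DSN is constructed, and only URL and keyword/value DSN forms are handled.

```go
package main

import (
	"fmt"
	"net/url"
	"regexp"
	"strings"
)

const mask = "REDACTED"

// URL form: scheme://user:PASSWORD@host... A regexp is used instead of
// url.Parse so a malformed DSN is still covered (url.Parse errors echo input).
var urlPass = regexp.MustCompile(`^[a-zA-Z][a-zA-Z0-9+.-]*://[^:/@]*:([^@/]*)@`)

// Keyword/value form: password=secret or password='quoted secret'.
var kvPass = regexp.MustCompile(`(?i)\bpassword\s*=\s*('(?:[^'\\]|\\.)*'|\S+)`)

// secrets returns every spelling of the DSN password worth masking:
// the raw value and, for URL DSNs, its percent-decoded form.
func secrets(dsn string) []string {
	var out []string
	if m := urlPass.FindStringSubmatch(dsn); m != nil && m[1] != "" {
		out = append(out, m[1])
		if dec, err := url.PathUnescape(m[1]); err == nil && dec != m[1] {
			out = append(out, dec)
		}
	} else if m := kvPass.FindStringSubmatch(dsn); m != nil {
		out = append(out, strings.Trim(m[1], "'"))
	}
	return out
}

// Redact masks the DSN password wherever it occurs in s: the DSN itself,
// a driver error message, or a log line built from either.
func Redact(s, dsn string) string {
	for _, p := range secrets(dsn) {
		if p != "" { // an empty needle would insert the mask between every byte
			s = strings.ReplaceAll(s, p, mask)
		}
	}
	return s
}

func main() {
	dsn := "postgres://app:s3cr3t%21@db.example.internal:5432/orders" // constructed
	err := fmt.Errorf("failed to connect to `%s`: timeout", dsn)
	fmt.Println(Redact(err.Error(), dsn))
}
```

Because the match is by substring, a very short password also masks unrelated text that happens to contain it, which errs on the side of hiding too much.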