Undocumented property logServerErrorDetail does not prevent server error leakage in BatchResultHandler #2147

Closed
1 task
frode-carlsen opened this issue May 12, 2021 · 1 comment

Comments

@frode-carlsen
Contributor

I'm submitting a ...

  • [x] bug report
  • [ ] feature request

Describe the issue
The commit cd0b555 introduced the property logServerErrorDetail to prevent logging of sensitive server errors such as statements with embedded keys etc.

However, when the BatchResultHandler converts PSQLExceptions to BatchUpdateExceptions this will still leak sensitive SQL, which may contain keys, passwords, PII, or similar to logs.

Driver Version?
42.2.20

Java Version?
11

OS Version?
Windows

PostgreSQL Version?
12

To Reproduce
Force a constraintviolationexception such as duplicate index. When done in a batch this will expose a BatchUpdateException which will contain the full statement along with all parameters to the SQL.

Expected behaviour
BatchUpdateException should not expose server errors when logServerErrorDetail is set to false (default is already true).

Logs
n/a
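
A logging-side mitigation for the leak described in this issue, as an added example that is not part of the original report or of the pgjdbc code base: it summarises a batch failure from SQLState, vendor code and update counts only, and never reads the exception message. The class name `SafeBatchErrorLog`, the `redact` helper and the sample message text are constructed for illustration.

```java
import java.sql.BatchUpdateException;
import java.sql.SQLException;
import java.sql.Statement;
import java.util.Arrays;

public class SafeBatchErrorLog {

    // Builds a log line from fields that carry no statement text or parameter values.
    // getMessage() is deliberately never called: that is where the SQL ends up.
    static String redact(SQLException e) {
        StringBuilder sb = new StringBuilder();
        int depth = 0;
        // Walk the getNextException chain (capped, in case a chain is cyclic or very long).
        for (SQLException cur = e; cur != null && depth < 10; cur = cur.getNextException(), depth++) {
            if (depth > 0) {
                sb.append(" -> ");
            }
            sb.append(cur.getClass().getSimpleName())
              .append("[sqlState=").append(cur.getSQLState())
              .append(", vendorCode=").append(cur.getErrorCode());
            if (cur instanceof BatchUpdateException) {
                int[] counts = ((BatchUpdateException) cur).getUpdateCounts();
                sb.append(", updateCounts=").append(Arrays.toString(counts));
            }
            sb.append(']');
        }
        return sb.toString();
    }

    public static void main(String[] args) {
        // Constructed sample: a message that embeds the statement and its parameters,
        // imitating the kind of text the issue reports in BatchUpdateException.
        String leaky = "Batch entry 1 INSERT INTO users(email, api_key) VALUES "
                + "('a@example.test', 'sk-constructed-secret') was aborted: "
                + "ERROR: duplicate key value violates unique constraint";
        SQLException serverError =
                new SQLException("ERROR: duplicate key value violates unique constraint", "23505");
        BatchUpdateException bue = new BatchUpdateException(
                leaky, "23505", 0, new int[] {1, Statement.EXECUTE_FAILED}, serverError);
        bue.setNextException(serverError);

        String safe = redact(bue);
        System.out.println(safe);
        if (safe.contains("sk-constructed-secret") || safe.contains("INSERT")) {
            throw new AssertionError("statement text reached the log line");
        }
    }
}
```

Log the string returned by `redact` instead of passing the exception object to the logger, since a logged stack trace prints the full message of every exception in the cause chain.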
