DataMapper/DataObjects logs database passwords on error
Rhett Sutphin
With DataMapper 1.2 and PostgreSQL I'm seeing database passwords be logged to the DataMapper log (twice!) when there's a database error. Example:
DM: ERROR: duplicate key value violates unique constraint "tsu_pkey"
DETAIL: Key (tsu_id)=(.) already exists. (code: 83906754, sql state: 23505, query: INSERT INTO "tsu" ("sc_id", "psu_id", "tsu_id", "tsu_name") VALUES ('200000XX', '200000XX', '.', '.'), uri: postgres:mdes_warehouse:ACTUAL_PASSWORD@server:5432mdes_warehouse_working?username=mdes_warehouse&database=mdes_warehouse_working&adapter=postgres&host=server&port=5432&password=ACTUAL_PASSWORD)
(Some names changed, etc.) Is there a way to suppress these? I've looked through the archives and the docs but I don't see anything.
Thanks,
Rhett
Alex Coles
Hi Rhett,
I would consider this a bug. The password value should probably be
elided. Please file a bug report in the DO project.
Thanks,
Alex
Rhett Sutphin
Done: https://github.com/datamapper/do/issues/18
Thanks for the response,
Rhett
>
> Thanks,
>
> Alex
>
> --
> You received this message because you are subscribed to the Google Groups "DataMapper" group.
> To post to this group, send email to datam...@googlegroups.com.
> To unsubscribe from this group, send email to datamapper+...@googlegroups.com.
> For more options, visit this group at http://groups.google.com/group/datamapper?hl=en.
>