instrumentedsql

Remove args label

Open bhcleek opened this issue 7 years ago • 4 comments

Remove all the labels and logs that surface parameterized query arguments, because doing so severely impacts performance due to the use of github.com/kr/pretty and because parameterized query arguments often contain sensitive data.

Because parameterized query arguments often contain sensitive data (passwords, API tokens, etc.) or highly regulated data (e.g. HIPAA, GDPR, et al.), it's generally a good idea to not log them.

bhcleek avatar Apr 28 '18 00:04 bhcleek

Hey there, https://github.com/luna-duclos/instrumentedsql has an Option already to disable query argument logging. Please have a look and let me know if it's sufficient.

luna-duclos avatar Apr 29 '18 13:04 luna-duclos

It looks like that will nearly be sufficient. The query args in prepared statements don't leverage the option, though. Is that an oversight or intentional?

Is your fork the new canonical repository instead of this one?

bhcleek avatar Apr 29 '18 16:04 bhcleek

I'll happily accept a PR to fix the prepared statement issue. I maintain the fork; I can't speak for this repo as I no longer work at EW.

luna-duclos avatar Apr 30 '18 08:04 luna-duclos

IMHO, this needs to be an option of the driver. The user can choose whether to print args or not...

pavelnikolov avatar Feb 11 '19 05:02 pavelnikolov
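
The gap raised in this thread, prepared statements logging arguments even when the option to omit them is set, goes away when a statement shares the options of the connection that prepared it and a single function decides what reaches the log. The Go example below is added here and is not code from instrumentedsql or from any commenter; every type and function name is hypothetical, and the statement and arguments are constructed sample data.

```go
package main

import (
	"database/sql/driver"
	"fmt"
)

// All names are hypothetical; this is not instrumentedsql's API.
type opts struct {
	log      func(msg string, kv ...interface{})
	omitArgs bool
}

// fields is the only place that decides whether arguments reach the log.
func (o *opts) fields(query string, args []driver.Value) []interface{} {
	if o.omitArgs {
		return []interface{}{"query", query}
	}
	return []interface{}{"query", query, "args", fmt.Sprint(args)}
}

// wrappedStmt shares the *opts of the connection that prepared it.
type wrappedStmt struct {
	driver.Stmt
	query string
	*opts
}

func (s wrappedStmt) Exec(args []driver.Value) (driver.Result, error) {
	s.log("sql-stmt-exec", s.fields(s.query, args)...)
	return s.Stmt.Exec(args)
}

// fakeStmt is a constructed stand-in for a real driver statement.
type fakeStmt struct{ driver.Stmt }
func (fakeStmt) Exec([]driver.Value) (driver.Result, error) { return driver.ResultNoRows, nil }

// run executes one prepared statement and returns the captured log lines.
func run(omitArgs bool) []string {
	var lines []string
	o := &opts{omitArgs: omitArgs}
	o.log = func(msg string, kv ...interface{}) { lines = append(lines, fmt.Sprint(msg, " ", kv)) }
	st := wrappedStmt{Stmt: fakeStmt{}, query: "UPDATE users SET pw = ? WHERE id = ?", opts: o}
	st.Exec([]driver.Value{"hunter2", int64(7)}) // constructed sample arguments
	return lines
}

func main() { fmt.Println(run(false), run(true)) }
```

A regression test for such a wrapper can assert, as here, that a known argument value never appears in captured log output on the prepared-statement path when the option is set.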