2

I need to hide prepared statement parameters from debug-level logging and from exception messages. There are security-critical values. For example, when using pgp_sym_encrypt and an exception is thrown from the database, the exception message shows the full statement with its parameters, including the 2nd parameter, the encryption key password. Is there any way to hide these kinds of values, especially in the exception message?

2
  • Have you considered passing the encryption key as a parameterized value? Commented Dec 24, 2019 at 7:34
  • Yes, 2nd parameter as encryption key to pgp_sym_encrypt Commented Dec 24, 2019 at 16:26

1 Answer

1

The safest way is to do the encryption on the client side and never send the password to the database. Once you send it to the database, it will be very hard to absolutely control what happens to it. Consider that if there is a way to configure the database to suppress this logging, then there is also a way to reverse that configuration.
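
The client-side approach described in the answer above, as an added example that is not part of the original post. It assumes Node.js with its built-in crypto module and uses AES-256-GCM with an scrypt-derived key in place of pgcrypto's OpenPGP format, so the stored value cannot be read by pgp_sym_decrypt; the table name, column names and sample values are hypothetical.

```javascript
// Added example: encrypt in the application so the key is never a statement parameter.
const nodeCrypto = require('node:crypto');

// Derive a 256-bit key from the passphrase; the random salt is stored with the ciphertext.
function deriveKey(passphrase, salt) {
  return nodeCrypto.scryptSync(passphrase, salt, 32);
}

// Returns one Buffer laid out as salt(16) | iv(12) | tag(16) | ciphertext.
function encryptField(plaintext, passphrase) {
  const salt = nodeCrypto.randomBytes(16);
  const iv = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', deriveKey(passphrase, salt), iv);
  const body = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return Buffer.concat([salt, iv, cipher.getAuthTag(), body]);
}

function decryptField(blob, passphrase) {
  const salt = blob.subarray(0, 16);
  const iv = blob.subarray(16, 28);
  const tag = blob.subarray(28, 44);
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', deriveKey(passphrase, salt), iv);
  decipher.setAuthTag(tag);
  // final() throws if the passphrase is wrong or the blob was modified.
  return Buffer.concat([decipher.update(blob.subarray(44)), decipher.final()]).toString('utf8');
}

// Builds what would be handed to a database driver (hypothetical table and columns).
// The passphrase is used locally and never appears in the statement or its parameters.
function buildInsert(userId, secretValue, passphrase) {
  return {
    text: 'INSERT INTO user_secrets (user_id, secret) VALUES ($1, $2)',
    values: [userId, encryptField(secretValue, passphrase)],
  };
}

// Renders statement plus parameters the way a debug log or error message might echo them.
function renderForLog(stmt) {
  const params = stmt.values.map((v) => (Buffer.isBuffer(v) ? v.toString('hex') : String(v)));
  return stmt.text + ' -- params: ' + params.join(', ');
}

// Constructed sample input.
const PASSPHRASE = 'constructed-sample-passphrase';
const SECRET = 'constructed secret value';
const stmt = buildInsert(42, SECRET, PASSPHRASE);
console.log(renderForLog(stmt));
console.log(decryptField(stmt.values[1], PASSPHRASE));
```

Key handling moves to the application with this design, so the passphrase has to come from the application's own secret store rather than from the database session.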
