Is there an existing issue for this?
- I have searched the existing open and closed issues
Description
Hello Team,
We recently started using DbUp for PostgreSQL, and our security audit guy was asking if we can hide this message:
Master ConnectionString => Host=[redacted];Database=[redacted];Username=[redacted];Password=******;SSL Mode=Require
And we couldn't find a way to hide it. It's just an "info" message. While you do remove the password, the security audit guy is not comfortable with some other information that is being revealed, like host, db and username.
Could you make it so that it prints on 'debug' level? That seems like a time where I would like to see the connection string: I'm running, something is not working, let me turn debug on, "ah I see, the connection string is invalid".
If we remove "info" logging, then we lose a lot of other notices that are not security sensitive.
Thank you for your consideration!
What is the impact?
It should not impact execution. It might only impact those that are debugging an issue and are still just using "INFO" log level and suddenly the connection string is not printing.
Perhaps we add a note where the current info message is like "ConnectionString received. Enable debug log level to show a redacted version".
Thanks