Thread

  1. Add explicit warnings about unsafe OAuth trace output for libpq

    Zsolt Parragi <zsolt.parragi@percona.com> — 2026-04-07T18:28:39Z

    Hello
    
    This is based on earlier messages in the thread about OAUTHDEBUG splitting[1]:
    
    >> With the same logic, shouldn't we print a very visible warning when
    >> somebody enables trace? Since it's a long output, maybe to both the
    >> beginning and end of the flow?
    >
    > I'm more than happy to strengthen this as well, but let's kick that
    > out to its own thread, especially if pieces are backpatchable.
    
    The documentation already mentions that this option is unsafe because
    it prints out the HTTP traffic as-is, including secrets, but the
    output itself lacks a warning about it.
    
    Because the output is long, users might not notice that copy-pasting
    it or saving it to disk will share sensitive information. To increase
    visibility, this patch adds a warning to both the beginning and the
    end of the output.
    
    I also attached a version for 18, since this seems to be a useful
    change to backport. With the recent changes this is slightly different
    on 19.
    
    [1]: https://www.postgresql.org/message-id/CAOYmi%2Bkfw76zPa-tZPNs4KjxwthGLkQfpGyoKzMMy8_oNJz4DQ%40mail.gmail.com
    
  2. Re: Add explicit warnings about unsafe OAuth trace output for libpq

    Zsolt Parragi <zsolt.parragi@percona.com> — 2026-06-13T19:34:57Z

    Hello
    
    I have re-attached the same patches with simplified commit messages,
    and I also marked the PG18 version with nocfbot so the master version
    can apply correctly.
    
    On Tue, Apr 7, 2026 at 7:28 PM Zsolt Parragi <zsolt.parragi@percona.com> wrote:
    >
    > Hello
    >
    > This is based on earlier messages in the thread about OAUTHDEBUG splitting[1]:
    >
    > >> With the same logic, shouldn't we print a very visible warning when
    > >> somebody enables trace? Since it's a long output, maybe to both the
    > >> beginning and end of the flow?
    > >
    > > I'm more than happy to strengthen this as well, but let's kick that
    > > out to its own thread, especially if pieces are backpatchable.
    >
    > The documentation already mentions that this option is unsafe because
    > it prints out the HTTP traffic as-is, including secrets, but the
    > output itself lacks a warning about it.
    >
    > Because the output is long, users might not notice that copy-pasting
    > it or saving it to disk will share sensitive information. To increase
    > visibility, this patch adds a warning to both the beginning and the
    > end of the output.
    >
    > I also attached a version for 18, since this seems to be a useful
    > change to backport. With the recent changes this is slightly different
    > on 19.
    >
    > [1]: https://www.postgresql.org/message-id/CAOYmi%2Bkfw76zPa-tZPNs4KjxwthGLkQfpGyoKzMMy8_oNJz4DQ%40mail.gmail.com