Security: Redact Database Password from Errors #6827

Open
garrettladley opened this issue Feb 5, 2024 · 0 comments
Labels: type:feature_request (feature request)

garrettladley commented Feb 5, 2024

Describe the feature

Provide the ability to hide the database password from logs/error messages. Perhaps as an additional field in gorm.Config, perhaps as an option within struct tags (@DOOduneye), or both.

Motivation

This would enhance security by preventing sensitive database passwords from being exposed in error messages. Currently, when an error occurs in database interactions, the password may inadvertently appear in error logs or messages, posing a potential security risk. Adding an additional field in gorm.Config to hide the database password will help mitigate this risk and improve overall system security.

Adding this as an option that defaults to hiding the password, with opting in to show it, will provide a guardrail for gorm users. Or, at a more granular level, struct tags will help prevent inadvertent secret leaking.

Related Issues

See @ctholho's issue in postgres
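
The redaction requested above, done at the application layer, as an added example (not gorm's code and not part of the original issue). `RedactErr`, `secretsFromDSN`, `redactedError` and the sample DSN are hypothetical names and constructed values; it assumes the password reaches the driver in a URL-style or keyword/value DSN.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
	"regexp"
	"strings"
)

// passRe captures the password of scheme://user:PASSWORD@host or password=PASSWORD.
var passRe = regexp.MustCompile(`(?i)^[a-z][a-z0-9+.-]*://[^:/@]*:([^/\s]+)@|\bpassword\s*=\s*(?:'([^']+)'|(\S+))`)

// secretsFromDSN returns the password as written plus its percent-decoded form.
func secretsFromDSN(dsn string) (out []string) {
	if m := passRe.FindStringSubmatch(dsn); m != nil {
		raw := m[1] + m[2] + m[3] // exactly one group matched, never empty
		out = append(out, raw)
		if dec, err := url.PathUnescape(raw); err == nil && dec != raw {
			out = append(out, dec)
		}
	}
	return out
}

// redactedError has no Unwrap, so the unmasked inner error stays unreachable; Is still serves errors.Is.
type redactedError struct {
	msg   string
	inner error
}

func (e *redactedError) Error() string                { return e.msg }
func (e *redactedError) Is(target error) bool { return errors.Is(e.inner, target) }

// RedactErr returns err with every spelling of dsn's password masked.
func RedactErr(err error, dsn string) error {
	if err == nil {
		return nil
	}
	msg := err.Error()
	for _, s := range secretsFromDSN(dsn) {
		msg = strings.ReplaceAll(msg, s, "[REDACTED]")
	}
	return &redactedError{msg: msg, inner: err}
}

func main() {
	dsn := "postgres://app:s3cr3t%21@db.internal:5432/orders" // constructed sample
	fmt.Println(RedactErr(fmt.Errorf("dial %s: %w", dsn, errors.New("refused")), dsn))
}
```

Wrapping at the point where the connection is opened keeps the masked error the only one that callers and loggers ever see; `errors.As` against the inner error is intentionally not supported.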
