Test connection always show password in log file. #101

Open
omeuid opened this issue Apr 7, 2025 · 1 comment

omeuid commented Apr 7, 2025

If you enable logging in a DSN, when you click on the 'Test connection' button, several log sentences include the connection string without hiding the password property.

In the drvconn.c file, the FORCE_PASSWORD_DISPLAY flag is defined:

```c
#define	FORCE_PASSWORD_DISPLAY
#define	NULL_IF_NULL(a) (a ? a : "(NULL)")
```

So every time the flag is checked to determine if the password must be hidden, the connection string will not be hidden.

I found the following three cases:

  • In PGAPI_DriverConnect method:

```c
#ifdef	FORCE_PASSWORD_DISPLAY
	MYLOG(0, "**** fDriverCompletion=%d, connStrIn='%s'\n", fDriverCompletion, connStrIn);
#else
	if (get_mylog())
	{
		char	*hide_str = hide_password(connStrIn);

		MYLOG(0, "**** fDriverCompletion=%d, connStrIn='%s'\n", fDriverCompletion, NULL_IF_NULL(hide_str));
		if (hide_str)
			free(hide_str);
	}
#endif	/* FORCE_PASSWORD_DISPLAY */
```

  • Also, the following code appears in the same method:

```c
#ifdef	FORCE_PASSWORD_DISPLAY
	if (cbConnStrOutMax > 0)
	{
		MYLOG(0, "szConnStrOut = '%s' len=" FORMAT_SSIZE_T ",%d\n", NULL_IF_NULL((char *) szConnStrOut), len, cbConnStrOutMax);
	}
#else
	if (get_mylog())
	{
		char	*hide_str = NULL;

		if (cbConnStrOutMax > 0)
			hide_str = hide_password(szConnStrOut);
		MYLOG(0, "szConnStrOut = '%s' len=%d,%d\n", NULL_IF_NULL(hide_str), len, cbConnStrOutMax);
		if (hide_str)
			free(hide_str);
	}
#endif /* FORCE_PASSWORD_DISPLAY */
```

  • And the last occurrence can be found in dconn_get_attributes method:

```c
#ifdef	FORCE_PASSWORD_DISPLAY
	MYLOG(0, "our_connect_string = '%s'\n", our_connect_string);
#else
	if (get_mylog())
	{
		char	*hide_str = hide_password(our_connect_string);

		MYLOG(0, "our_connect_string = '%s'\n", hide_str);
		free(hide_str);
	}
#endif /* FORCE_PASSWORD_DISPLAY */
```

I assume that this is not the expected behavior.

  • Maybe the password could be shown only at a certain log level.

What do you think?

Regards,
Carlos

@davecramer

I'd be OK with a PR that restricted password to a certain level
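
The log-level gating proposed in this thread, as an added example that is not part of the issue or of the driver's source: a run-time level check takes the place of the compile-time FORCE_PASSWORD_DISPLAY switch, so the raw connection string is returned only at or above a threshold. `conn_str_for_log`, `key_is` and `PWD_VISIBLE_LEVEL` are hypothetical names, and the `PWD`/`Password` keys and the `}}` escape inside braced values are assumptions about the connection-string format.

```c
#include <ctype.h>
#include <stdlib.h>
#include <string.h>

#define PWD_VISIBLE_LEVEL 2	/* assumption: raw passwords only at this log level or above */

/* Case-insensitive check that the attribute at p is exactly "key=". */
static int key_is(const char *p, const char *key)
{
	for (; *key; p++, key++)
		if (tolower((unsigned char) *p) != tolower((unsigned char) *key))
			return 0;
	return *p == '=';
}

/* Copy conn_str for logging (caller frees; NULL on NULL input or OOM).
 * Below PWD_VISIBLE_LEVEL, PWD/Password values are overwritten with 'x'. */
char *conn_str_for_log(const char *conn_str, int log_level)
{
	char	*out, *p;
	size_t	n;
	int	secret;

	if (!conn_str || !(out = malloc(strlen(conn_str) + 1)))
		return NULL;
	strcpy(out, conn_str);
	for (p = out; log_level < PWD_VISIBLE_LEVEL && *p; )
	{
		while (*p == ' ' || *p == ';')
			p++;
		secret = key_is(p, "PWD") || key_is(p, "Password");
		while (*p && *p != '=' && *p != ';')
			p++;				/* skip the key */
		if (*p != '=')
			continue;			/* attribute without a value */
		if (*++p != '{')			/* plain value ends at ';' */
			for (; *p && *p != ';'; p++)
				*p = secret ? 'x' : *p;
		else					/* braced: may hold ';', "}}" is a literal '}' */
			for (p++; *p && (*p != '}' || p[1] == '}'); p += n)
			{
				n = (*p == '}') ? 2 : 1;
				if (secret)
					memset(p, 'x', n);
			}
	}
	return out;
}
```

Overwriting in place keeps the password length visible in the log; a fixed-width replacement avoids that.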
