Hi, I've noticed that the Housekeeper logs entire connection string including the password which is pretty bad from a security perspective. Example of the log message with fake data:
WARNING: Cleaning up leaked connection ( jdbc:pgsql://somhost.com/db_name?user=user_name&ssl.mode=require&password=real_password )
I know that the housekeeper should do nothing if the app is designed and created properly (so no leaks), however the fact that some bug on the app side can cause the library to log a password raises a huge security concern.
Hi, I've noticed that the Housekeeper logs entire connection string including the password which is pretty bad from a security perspective. Example of the log message with fake data:
I know that the housekeeper should do nothing if the app is designed and created properly (so no leaks), however the fact that some bug on the app side can cause the library to log a password raises a huge security concern.