jmoiron / sqlx

general purpose extensions to golang's database/sql
http://jmoiron.github.io/sqlx/
MIT License

Do not return connection string in error on failure to parse user info #954

Open hak33m16 opened 3 weeks ago

hak33m16 commented 3 weeks ago

Currently, if the user info fails to get parsed correctly out of the URL, the entire contents are returned back. This is problematic because many people such as myself log these error messages, and rely on them for debugging. In this case, my database username and password were logged.

I ran into this because I accidentally included a space before my password:

db, err := sqlx.Connect("postgres", conf.DBURL)
if err != nil {
    panic(fmt.Errorf("failed to initialize db connection: %w", err))
}

panic: failed to initialize db connection: parse "postgres://dummy_user: <redacted>@dummywebsite.com:12241/dummy_db": net/url: invalid userinfo

goroutine 1 [running]:
main.main()
 /workspace/main.go:43 +0xeee
exit status 2

I would have just expected a message saying invalid userinfo, in which case I would have manually inspected the secret and noticed the issue.
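A caller-side mitigation for the leak reported above, as an added example that is not code from sqlx or from the issue author: strip the connection string from the error before it is logged. It assumes the driver returns or wraps the `*url.Error` from `net/url`, as the panic output suggests; `parseDSN` and `safeConnectError` are hypothetical helper names, and the DSN is a constructed sample.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
	"strings"
)

const redacted = "<connection string redacted>"

// parseDSN stands in for the driver's URL-parsing step (hypothetical helper):
// it returns the raw net/url error, which embeds the full input string.
func parseDSN(dsn string) error {
	_, err := url.Parse(dsn)
	return err
}

// safeConnectError (hypothetical helper) returns an error that is safe to log.
func safeConnectError(err error, dsn string) error {
	if err == nil {
		return nil
	}
	// *url.Error carries the input in its URL field; keep only Op and the cause.
	var uerr *url.Error
	if errors.As(err, &uerr) {
		return fmt.Errorf("%s %s: %w", uerr.Op, redacted, uerr.Err)
	}
	// Fallback: some other error type echoed the DSN verbatim.
	if dsn != "" && strings.Contains(err.Error(), dsn) {
		return errors.New(strings.ReplaceAll(err.Error(), dsn, redacted))
	}
	return err
}

func main() {
	// Constructed sample: stray space before the password, as in the report.
	dsn := "postgres://dummy_user: s3cret@db.example.com:5432/dummy_db"
	raw := fmt.Errorf("failed to initialize db connection: %w", parseDSN(dsn))
	fmt.Println("unsafe:", raw)
	fmt.Println("safe:  ", safeConnectError(raw, dsn))
}
```

The sanitized error keeps the `net/url: invalid userinfo` cause, so the message still points at the malformed credentials without printing them.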