codecov-commenter
commented
1 year ago Codecov Report
Merging #356 (91bbd07) into main (1516e0c) will decrease coverage by
0.53%. The diff coverage is0.00%.
Closed fabianfett closed 1 year ago
codecov-commenter
commented
1 year ago Merging #356 (91bbd07) into main (1516e0c) will decrease coverage by
0.53%. The diff coverage is0.00%.
trasch
commented
1 year ago My thoughts about the serverInfo part:
message in quotes would make it look nicer. Probably also some of the other fields as detail, hint and so on (and also backendMessage and query on the top level).routine, file and line from Postgres are really necessary. I personally have never gained any useful information from that, so IMO we only display it because we have it...localizedSeverity really necessary in a debug description that's intended only for developers? And it's somewhat redundant with severity...Apart from the nitpicking: Thanks @fabianfett , this is already a big improvement!
fabianfett
commented
1 year ago @trasch What do you think about going through debugDescription to prevent users from accidentally leaking database details?
trasch
commented
1 year ago @fabianfett The question is, for what should it be used?
I think you rightly made the description as generic as possible because that would be the string that would be displayed to users, whereas debugDescription is for developers who need to know what's going on.
But what is actually the realistic scenario? Someone using this library for web backends or something similar will probably (hopefully) just send a message like "Something has gone wrong" to clients and not the debugDescription, but they still want a nice debug message for themselves. Developers who use this library for some internal data crunching or whatever will very much want to have a detailed error message. And developers who write something like "PGAdmin" want to send the debugDescription to the client because that's what the user expects.
So - in my opinion - information leaking isn't a problem here, and it should be more about giving useful error messages to developers... (and at least I never found it interesting that some error occured in postgres.c line 3312 π )
But maybe I'm overlooking something here?
trasch
commented
1 year ago @fabianfett Thinking about it a bit longer, I'm not so convinced anymore about the security problem. I mean, there are of course developers who have no clue about security, and oversights happen to the best of us, but is it really the job of a library to prevent this?
I think that description should be a short error description, like in the Postgres logs:
ERROR: canceling statement due to statement timeout
and debugDescription should be the full monty, as it is now.
But maybe there are other users of this library that have yet another opinion? π
This shall be the start of our discussion.
Will eventually fix #354.