Open jysandy opened 4 years ago
Hi,
I agree the feature would be useful. One thing to consider here is that there is some variation in how the connection string can be specified for different databases. So, might be safest to parse out from ://
to of the address. For example, Oracle connections can look like jdbc:oracle:thin:user/pass@//123.11.222.33:1521/schema
. And a PR for this would be very welcome.
If there's an error connecting to the database and the connection is configured with a connection URI, the entire connection URI is printed to the logs. Like so:
This could result in the password being leaked.
One possible solution could be to log only the first part of the connection URI up until the host and port. Alternatively, we could redact the entire connection URI. I noticed that there's already a function to censor the password, but this only works if the db-spec has a
:password
key. https://github.com/yogthos/migratus/blob/master/src/migratus/utils.clj#L90Happy to raise a PR if you agree with either of these solutions.