Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ConnectionManager stores password in clear text in its state #1718

Closed
alco opened this issue Sep 17, 2024 · 0 comments · Fixed by #1772
Closed

ConnectionManager stores password in clear text in its state #1718

alco opened this issue Sep 17, 2024 · 0 comments · Fixed by #1772
Assignees
@magnetised
Labels
bug

Comments

@alco
Copy link
Member

alco commented Sep 17, 2024

The password needs to be obfuscated such that when ConnectionManager crashes and its state is logged, the password is not visible in the log output.
@alco alco added the bug label Sep 17, 2024
@magnetised magnetised self-assigned this Sep 17, 2024
@magnetised magnetised mentioned this issue Sep 17, 2024
Closed
@alco alco mentioned this issue Oct 1, 2024
Merged
alco added a commit that referenced this issue Oct 14, 2024
@alco
Obfuscate database password to avoid accidentally leaking it in logs (#…
2bf933c 
…1772)

Fix #1718.

Obfuscation is implemented by wrapping the password in a zero-arity
function as early as possible, so that the password is never stored in
cleartext in any of our processes' state. The deobfuscation happens
right before passing connection options to Postgrex. This creates an
explicit point of hand-off where the responsibility for keeping the
password from getting leaked is transfered from our code to Postgrex.
KyleAMathews pushed a commit that referenced this issue Nov 1, 2024
@alco
Obfuscate database password to avoid accidentally leaking it in logs (#…
abb839b 
…1772)

Fix #1718.

Obfuscation is implemented by wrapping the password in a zero-arity
function as early as possible, so that the password is never stored in
cleartext in any of our processes' state. The deobfuscation happens
right before passing connection options to Postgrex. This creates an
explicit point of hand-off where the responsibility for keeping the
password from getting leaked is transfered from our code to Postgrex.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@magnetised magnetised

Labels
bug
Projects
None yet
Milestone
No milestone
2 participants
@magnetised @alco