Chapman Flack <c...@anastigmatix.net> writes: > ... which led me to the idea of a function parameter > declaration, putting the function definer in control of what > bits should get redacted.
+1 for thinking outside the box, but ... > Would anyone else see some value in this capability? Could it > (or some suitable restriction of it) seem implementable, or would > the complications be overwhelming? ... the problem with this idea is that knowledge that the item ought to be hidden would be obtained only very late in the parsing process. So for example if you fat-fingered something just to the left of the function call in the query text, or the name of the function itself, your password would still get exposed in the log. This indeed is the core problem with every proposal I've seen for semantics-based log filtering. Error logging needs to be considered as a very low-level operation, because reports may come out when little if anything is known about the real semantics of the query. regards, tom lane