Hi, Le lun. 9 déc. 2024 à 14:40, Daniel Gustafsson <dan...@yesql.se> a écrit :
> > On 9 Dec 2024, at 14:26, Greg Sabino Mullane <htamf...@gmail.com> wrote: > > > -1 to throwing an ERROR - that's not really an error, and not our call > to make, so a WARNING is sufficient. > > Agreed, regardless of how bad it's considered, it's not an error. There > are > many ways sensitive data can end up in the logs and offering the impression > there is a safety switch offers a false sense of security. > > I'm fine with adding a test on whether or not we log statements. But that completely hides the fact that people listening on the network could also get to the password if the server doesn't use SSL. Isn't it weird to warn about one potential leak and not the other one? -- Guillaume.
