Hi,

Le lun. 9 déc. 2024 à 14:40, Daniel Gustafsson <dan...@yesql.se> a écrit :

> > On 9 Dec 2024, at 14:26, Greg Sabino Mullane <htamf...@gmail.com> wrote:
>
> > -1 to throwing an ERROR - that's not really an error, and not our call
> to make, so a WARNING is sufficient.
>
> Agreed, regardless of how bad it's considered, it's not an error.  There
> are
> many ways sensitive data can end up in the logs and offering the impression
> there is a safety switch offers a false sense of security.
>
>
I'm fine with adding a test on whether or not we log statements. But that
completely hides the fact that people listening on the network could also
get to the password if the server doesn't use SSL. Isn't it weird to warn
about one potential leak and not the other one?


-- 
Guillaume.

Reply via email to