SQL query parameters often contain sensitive data, so letting these parameters be logged by default is risky for users.
> illustrative example

```
DEBUG:tortoise.db_client:INSERT INTO "users"
("hashpass", "hashpass_salt", "social_security_number")
VALUES ($1,$2,$3): ['SENSITIVE_STUFF', 'SENSITIVE_STUFF', 'SENSITIVE_STUFF']
```
Here's one example:

tortoise-orm/tortoise/backends/oracle/client.py, line 95 in c4f601e:

```python
self.log.debug("%s: %s", query, values)
```

There are a few more.

Resolution: modify the log statements to include only the query, not the parameters.
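Until the log statements themselves are changed, an application can strip the bound values on its own side with a `logging.Filter`. The block below is an added example, not part of the original issue and not tortoise-orm code. It assumes the logger name `tortoise.db_client` and the `"%s: %s", query, values` call shape quoted above. The names `RedactQueryParams`, `install` and `demo` are hypothetical, and the query and value are constructed sample data.

```python
import io
import logging


class RedactQueryParams(logging.Filter):
    """Replace bound values in records shaped like log.debug("%s: %s", query, values)."""

    def filter(self, record: logging.LogRecord) -> bool:
        args = record.args
        # Assumption: only the "%s: %s" call shape quoted in the issue is matched;
        # log statements with another format string pass through unchanged.
        if record.msg == "%s: %s" and isinstance(args, tuple) and len(args) == 2:
            values = args[1]
            count = len(values) if isinstance(values, (list, tuple, dict)) else 1
            record.args = (args[0], f"[{count} parameter(s) redacted]")
        return True


def install(logger_name: str = "tortoise.db_client") -> logging.Logger:
    """Attach the filter once. Logger-level filters only see records logged
    directly on this logger, so attach to handlers to cover child loggers too."""
    logger = logging.getLogger(logger_name)
    if not any(isinstance(f, RedactQueryParams) for f in logger.filters):
        logger.addFilter(RedactQueryParams())
    return logger


def demo() -> str:
    """Log a constructed query the way the quoted statement does; return the output."""
    logger = install()
    stream = io.StringIO()
    handler = logging.StreamHandler(stream)
    handler.setFormatter(logging.Formatter("%(levelname)s:%(name)s:%(message)s"))
    saved = (logger.level, logger.propagate)
    logger.addHandler(handler)
    logger.setLevel(logging.DEBUG)
    logger.propagate = False  # keep the demo output out of root handlers
    try:
        query = 'INSERT INTO "users" ("hashpass") VALUES ($1)'  # constructed sample
        logger.debug("%s: %s", query, ["SENSITIVE_STUFF"])
    finally:
        logger.removeHandler(handler)
        logger.level, logger.propagate = saved
    return stream.getvalue()


if __name__ == "__main__":
    print(demo(), end="")
```

The filter rewrites `record.args` before any handler formats the message, so the values never reach a file, console or log shipper attached to that logger.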