pghero completed 500 internal error throwing plaintext password

Question

pghero completed 500 internal error throwing plaintext password

kgo-sgo opened this issue a year ago · 2 comments

When pghero app does not have access to the postgres instance and gets Completed 500 Internal Server Error then throwing plaintext password to the logs

pghero URI::InvalidURIError (bad URI(is not URI?):
"postgresql://USERNAME:PASSWORD@URL:5432/):

Answer 1 · 2023-11-17T22:47:20.000Z

Hi @kgo-sgo, thanks for reporting. That error means the URL is malformed / not a valid URL (not that it can't connect). It comes from Ruby / Rails, but it'd be good to try to rescue and re-raise to try to keep a potential password out of the logs.

Answer 2 · 2023-11-17T23:13:19.000Z

Submitted a PR to Ruby's URI library since I think it's best addressed there: ruby/uri#91