cli: metacommand \c exposes password in clear text #87294

Closed
dbist opened this issue Sep 1, 2022 · 0 comments · Fixed by #87298

dbist commented Sep 1, 2022

Is your feature request related to a problem? Please describe.
Executing the \c command on the command line exposes a connection string with the password in clear text.

Describe the solution you'd like
A password should be redacted, similar to the Cloud console:

postgresql://artem:<ENTER-PASSWORD>@artem-mr-7rh.aws-us-east-1.cockroachlabs.cloud:26257/defaultdb?sslmode=verify-full&sslrootcert=$HOME/Library/CockroachCloud/certs/artem-mr-ca.crt

Additional context

To repro:

1. Connect to CockroachDB, entering a password either in the connection string or when prompted (I tested with 22.1.6).
2. Type \c and see the entire connection string with the password unredacted:

Connection string: postgresql://artem:password@free-tier11.gcp-us-east1.cockroachlabs.cloud:26257/defaultdb?application_name=%24+cockroach+sql&connect_timeout=15&options=--cluster%3Dartem-serverless-1812&sslmode=verify-full&sslrootcert=%2FUsers%2Fartem%2F.postgresql%2Froot.crt
You are connected to database "defaultdb" as user "artem".

Jira issue: CRDB-19258

@dbist dbist added the C-enhancement Solution expected to add code/behavior + preserve backward-compat (pg compat issues are exception) label Sep 1, 2022
@rafiss rafiss self-assigned this Sep 1, 2022
@craig craig bot closed this as completed in 99a9587 Sep 7, 2022
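
A sketch of the redaction requested above, as an added example that is not CockroachDB's code or the fix merged in #87298. It uses Go's standard `net/url` (`URL.Redacted`) and also masks a `password` query parameter, which libpq-style connection URLs accept; the helper name `redactConnURL` and the sample URLs are constructed for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
)

// placeholder matches what url.URL.Redacted substitutes for a password.
const placeholder = "xxxxx"

// redactConnURL (hypothetical helper) returns connURL with any password
// masked, so the result is safe to print or log.
func redactConnURL(connURL string) (string, error) {
	u, err := url.Parse(connURL)
	if err != nil {
		// The *url.Error text embeds the input URL, so returning it
		// would leak the password through the error path instead.
		return "", errors.New("connection URL could not be parsed")
	}
	// libpq-style URLs may also carry the password as a query parameter.
	q := u.Query()
	if _, ok := q["password"]; ok {
		q.Set("password", placeholder)
		u.RawQuery = q.Encode() // note: Encode sorts parameters by key
	}
	// Redacted masks the userinfo password and leaves the rest intact.
	return u.Redacted(), nil
}

func main() {
	// Constructed sample URLs; host and credentials are not from the issue.
	for _, s := range []string{
		"postgresql://artem:s3cret@db.example.com:26257/defaultdb?sslmode=verify-full",
		"postgresql://artem@db.example.com:26257/defaultdb?password=s3cret&sslmode=verify-full",
		"postgresql://artem:s3 cret@db.example.com:26257/defaultdb",
	} {
		out, err := redactConnURL(s)
		if err != nil {
			fmt.Println("error:", err)
			continue
		}
		fmt.Println("Connection string:", out)
	}
}
```

The third sample fails to parse because of the space in the userinfo, and the returned error deliberately omits the input so the password does not surface in an error message.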