Avoiding logging/leaking auth credentials during sqlpage.exec() calls

[matthewlarkin]

Hi @lovasoa,

I'm exploring methods to prevent credentials from being exposed in shell logs when using sqlpage.exec(). My concern is that these commands might be logged in system files, such as ~/.bash_history. However, I haven't found any signs of sqlpage.exec() commands in any system logs.

For tools like curl, we can use the --config option to protect sensitive information from logs. Normally, I would use environment variables to safeguard credentials, but I'm uncertain if this approach is effective with SQLPage, since the environment variable values are passed to the exec() function, perhaps resulting in a printed command string (including the credentials) which is then logged somewhere?

Could you provide insights on how SQLPage handles the arguments passed to sqlpage.exec() in this respect? I'm hoping that SQLPage internally prevents any logging of sensitive information.

[lovasoa]

SQLPage calls just the command you pass to it (so if you run curl, it will launch the curl binary, not bash). It the collects the program's stdout and makes it available to your sql file. If you don't print it explicitly, it won't be printed.
So nothing is printed to SQLPage's logs at the default logging level, and nothing gets into bash_history, since bash isn't even part of the picture.

[lovasoa]

The arguments to the command can still be leaked as part of the error message if the command fails. But the full error will not be displayed if you are in production mode (ENVIRONMENT=production) : https://github.com/lovasoa/SQLpage/blob/main/configuration.md#configuring-sqlpage

If you want to read the full code, it's here: https://github.com/lovasoa/SQLpage/blob/main/src%2Fwebserver%2Fdatabase%2Fsql_pseudofunctions.rs#L157