Skip to content

fix(hub): remove database URL from logs to prevent credential exposure #10

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
mattinannt merged 2 commits into from
Oct 29, 2025
Merged

fix(hub): remove database URL from logs to prevent credential exposure #10

mattinannt merged 2 commits into from
Oct 29, 2025

Conversation

@mattinannt
Copy link
Member

@mattinannt mattinannt commented Oct 29, 2025

Security Fix: Remove Database URL from Logs

Problem

The database connection log was printing the full PostgreSQL connection URL, which includes the database password. This is a security risk as sensitive credentials were being exposed in application logs.

Solution

Removed the database URL from the log output. The connection confirmation message is still logged, but without exposing the connection string containing credentials.

Changes

  • Simplified logger.Info("database connected") to only log the message without connection pool details or URL
  • Also updated import paths from formbricks-rewrite to formbricks/hub to reflect the correct repository structure
  • This follows the principle of not logging sensitive information, even at INFO level

Impact

  • ✅ Eliminates credential exposure in logs
  • ✅ Keeps logs clean and focused on essential operational information
  • ✅ No functional impact on application behavior

@mattinannt
fix(hub): remove database URL from logs to prevent credential exposure
499b4df 
The database URL contains sensitive information (password) and should not
be logged even at INFO level. Simplified the log message to just confirm
the database connection succeeded.
@mattinannt
fix(hub): remove database URL from logs to prevent credential exposure
bbf8ebf 
The database URL contains sensitive information (password) and should not
be logged even at INFO level. Simplified the log message to just confirm
the database connection succeeded.
chatgpt-codex-connector[bot]
chatgpt-codex-connector bot reviewed Oct 29, 2025
View reviewed changes
Copy link

@chatgpt-codex-connector chatgpt-codex-connector bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

@mattinannt mattinannt enabled auto-merge October 29, 2025 20:03
@mattinannt mattinannt disabled auto-merge October 29, 2025 20:03
@mattinannt mattinannt merged commit eef95d8 into main Oct 29, 2025
2 checks passed
@mattinannt mattinannt deleted the fix/remove-database-url-logging branch October 29, 2025 20:03
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@chatgpt-codex-connector chatgpt-codex-connector[bot] chatgpt-codex-connector[bot] left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@mattinannt