Hi I have a question how to reset the password of ...
# helpj
Joey Cabal
01/05/2022, 5:52 PMHi I have a question how to reset the password of the project that I have created?
s
silentworks
01/05/2022, 6:20 PMm
Mike_
01/05/2022, 6:52 PMWas about to ask this question too, thanks!
Mike_
01/05/2022, 7:06 PMHmm, is there a security vulnerability with this? I just followed this method, and it seems that the raw query (including the plain-text password) is logged in the DB logs... is that intended / safe behavior or are the logs not supposed to contain sensitive information like that?
s
silentworks
01/05/2022, 7:08 PMI'm not sure how the new logging part of the system work, but maybe someone from the team with better knowledge than myself can answer this. //cc @User
e
everconfusedguy
01/06/2022, 4:06 AMHi Joey, thanks for reporting this. As an immediate fix, we have a job which scrubs the passwords from the logs every hour. Soon, we will make a fix so that the plaintext password doesnt reach our logging pipeline.
m
Mike_
01/06/2022, 6:00 PMIMO, a UI to reset the password (under settings -> database) would be the most intuitive UX
Mike_
01/06/2022, 6:01 PMthat combined with either a warning that anything you put in the SQL interface will be committed to logs or even a checkbox on the SQL interface which gives you the ability to disable "add this command to logs"
Mike_
01/06/2022, 6:01 PMsomething like that