SECURITY_SENSITIVE

Also known as

sensitive, security (with or without @ prefix)

Mark endpoint as security-sensitive to obfuscate parameter values in logs.

Syntax

code

@sensitive

Examples

Password Change Endpoint

sql

create function change_password(_old_password text, _new_password text)
returns boolean
language sql
begin atomic;
...;
end;

comment on function change_password(text, text) is
'HTTP POST
@authorize
@sensitive';

Equivalent as a SQL file endpoint (sql/change-password.sql):

sql

/*
HTTP POST
@authorize
@sensitive
@param $1 old_password
@param $2 new_password
*/
update users
set password_hash = crypt($2, gen_salt('bf'))
where id = current_user_id()
  and password_hash = crypt($1, password_hash)
returning true;

sql

create function authenticate(_username text, _password text)
returns json
language sql
begin atomic;
...;
end;

comment on function authenticate(text, text) is
'HTTP POST
@login
@sensitive';

Payment Processing

sql

create function process_payment(_card_number text, _cvv text, _amount numeric)
returns json
language sql
begin atomic;
...;
end;

comment on function process_payment(text, text, numeric) is
'HTTP POST
@authorize
@security_sensitive';

Behavior

Parameter values are replaced with *** in logs
Helps prevent sensitive data from appearing in log files
Applies to all parameters of the endpoint

Logging configuration - Configure logging output
Comment Annotations Guide - How annotations work
Configuration Guide - How configuration works

AUTHORIZE - Require authentication
LOGIN - Mark as sign-in endpoint

SECURITY_SENSITIVE ​

Syntax ​

Examples ​

Password Change Endpoint ​

Login Endpoint ​

Payment Processing ​

Behavior ​

Related ​

Related Annotations ​

Comments

SECURITY_SENSITIVE

Syntax

Examples

Password Change Endpoint

Login Endpoint

Payment Processing

Behavior

Related

Related Annotations