From 3333c6623fa45bcbc7fabd061184a79b7b7f2fa6 Mon Sep 17 00:00:00 2001
From: Yassen Damyanov <yd@itlabs.bg>
Date: Thu, 22 Sep 2022 12:12:28 -0400
Subject: Tighten password security by removing `URL.__str__`

For improved security, the :class:`_url.URL` object will now use password
obfuscation by default when ``str(url)`` is called. To stringify a URL with
cleartext password, the :meth:`_url.URL.render_as_string` may be used,
passing the :paramref:`_url.URL.render_as_string.hide_password` parameter
as ``False``. Thanks to our contributors for this pull request.

Fixes: #8567
Closes: #8563
Pull-request: https://github.com/sqlalchemy/sqlalchemy/pull/8563
Pull-request-sha: d1f1127f753849eb70b8d6cc64badf34e1b9219b

Change-Id: If756c8073ff99ac83876d9833c8fe1d7c76211f9
---
 lib/sqlalchemy/engine/url.py | 3 ---
 1 file changed, 3 deletions(-)

(limited to 'lib/sqlalchemy/engine')

diff --git a/lib/sqlalchemy/engine/url.py b/lib/sqlalchemy/engine/url.py
index 8d80cfd1c..cca31edd0 100644
--- a/lib/sqlalchemy/engine/url.py
+++ b/lib/sqlalchemy/engine/url.py
@@ -642,9 +642,6 @@ class URL(NamedTuple):
             )
         return s
 
-    def __str__(self) -> str:
-        return self.render_as_string(hide_password=False)
-
     def __repr__(self) -> str:
         return self.render_as_string()
 
-- 
cgit v1.2.1