Return-Path: X-Original-To: apmail-cloudstack-dev-archive@www.apache.org Delivered-To: apmail-cloudstack-dev-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 205431017B for ; Mon, 2 Dec 2013 02:54:33 +0000 (UTC) Received: (qmail 7756 invoked by uid 500); 2 Dec 2013 02:54:32 -0000 Delivered-To: apmail-cloudstack-dev-archive@cloudstack.apache.org Received: (qmail 7639 invoked by uid 500); 2 Dec 2013 02:54:32 -0000 Mailing-List: contact dev-help@cloudstack.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@cloudstack.apache.org Delivered-To: mailing list dev@cloudstack.apache.org Received: (qmail 7631 invoked by uid 99); 2 Dec 2013 02:54:32 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 02 Dec 2013 02:54:32 +0000 X-ASF-Spam-Status: No, hits=-0.1 required=5.0 tests=HTML_MESSAGE,RCVD_IN_DNSWL_MED,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (nike.apache.org: local policy includes SPF record at spf.trusted-forwarder.org) Received: from [74.125.149.18] (HELO na3sys009aog137.obsmtp.com) (74.125.149.18) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 02 Dec 2013 02:54:25 +0000 Received: from mail-we0-f175.google.com ([74.125.82.175]) (using TLSv1) by na3sys009aob137.postini.com ([74.125.148.12]) with SMTP ID DSNKUpv2SvKKp45ca7HnOoesGo+mARlmIzxp@postini.com; Sun, 01 Dec 2013 18:54:04 PST Received: by mail-we0-f175.google.com with SMTP id p61so11127554wes.6 for ; Sun, 01 Dec 2013 18:54:01 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type; bh=xKs5QTWzV+NxBboq8j6muFHQVogzRVpyrqh4cVysZtE=; b=kbvmzTF7vSdZp9V2cSWVPjhmsqemHEFvUHAgF+DmjMddWRblATiAkKGCtytccHgiND Wt2X7W0NqvG/KMI0WaL8K9F/KRUoC55qF0zvpJhZ83Dm8I/W8mQ7bJd5Hlcok3ECHBJE s+3IPNXn0I0NuyLJzG0slUegUfgvry6/VFAexjnbT1WC45ahWQ4T1I+h/5cTjNaR3LPj ZXVswvCwY3+kj22dtDAV4e3+AkzK66miEoOA9xK9TujvxXspdQc9cyBAjiG8+pimavfW 0OFxCc+15Zkp2IQwdTEb2O6qGlMKGcOHoRmwruykdNBc06T0yCQj0yYuf+H5ojNHusDK yD3Q== X-Gm-Message-State: ALoCoQmLcfjOf0qOwuIZzMIejeQ7jjmo4gYuge40CXaoep/DpwuWjuRA87j2C/9+McByF961i6+tWROYGAjMOrwA5tu30YlcsO6yE5HRiOYhoNviNtHamvII10WuIDpvRZzjKbJtGPIFOQ0JOFTvUB3XHLPY2VePx/QJQEJsCKNSdcd6xGCCeDA= X-Received: by 10.194.1.139 with SMTP id 11mr33822480wjm.33.1385952841676; Sun, 01 Dec 2013 18:54:01 -0800 (PST) MIME-Version: 1.0 X-Received: by 10.194.1.139 with SMTP id 11mr33822476wjm.33.1385952841581; Sun, 01 Dec 2013 18:54:01 -0800 (PST) Received: by 10.216.167.202 with HTTP; Sun, 1 Dec 2013 18:54:01 -0800 (PST) In-Reply-To: References: Date: Mon, 2 Dec 2013 08:24:01 +0530 Message-ID: Subject: Re: [PROPOSAL] JIRA 4406: Remove cleanString() call for every API to improve performance - especially of the list APIs From: Mandar Barve To: dev@cloudstack.apache.org Cc: nitin.mehta@citrix.com Content-Type: multipart/alternative; boundary=047d7b3a8c30cc5f5604ec844abf X-Virus-Checked: Checked by ClamAV on apache.org --047d7b3a8c30cc5f5604ec844abf Content-Type: text/plain; charset=ISO-8859-1 Thanks Daan. Thanks, Mandar On Fri, Nov 29, 2013 at 5:16 PM, Daan Hoogland wrote: > Mandar, > > I agree, go ahead. Let me know if you need any help. > > On Fri, Nov 29, 2013 at 12:40 PM, Mandar Barve > wrote: > > Hi Daan, > > I see your point in not bothering API implementers when it comes to > > checking or setting the flag. (In my implementation I am proposing flag > > check using base class ref and set in API child class. Flags and get/set > > methods are members of the base class.) > > > > If the base class has to do the check and set at load time as you suggest > > here are some things to consider: > > > > 1. API command class is loaded by its name at run time. > > 2. At this time code doesn't know if the API command is carrying > sensitive > > data or not. > > 3. I did not find any annotation in the API command classes for return > > types that indicate password/secret key that could be used as a simple > > match string to help decide sensitivity of the class at load time, which > > means class needs to be modified to set such flag perhaps in its > > constructor or when it executes the command as suggested earlier. In a > > nutshell API command class modification is needed. > > > > I also agree with your second point that with introduction of another > > member variable and expectation of it being set by the child class, if > > there is a developer oversight purpose can get lost. I think by making a > > base class wrapper method e.g. InformCommandSensitivity abstract we > should > > be able to enforce this at compile time. All API command classes will > have > > to implement this method leading to setting/resetting of the flag as > needed. > > > > Like you said I don't know the future security implications if any for > such > > code. > > > > Considering all these I would like to go ahead with the approach I > > suggested. > > > > Thanks, > > Mandar > > > > > > On Thu, Nov 28, 2013 at 8:07 PM, Daan Hoogland >wrote: > > > >> Almost, I would like to see some construct that would allow for child > >> classes not to bother and let the baseclass do the checking and set > >> the flag at load time so api implemeters don't have to worry about > >> this. It is kind of a challenge but using reflection it should be > >> possible. > >> > >> As I understand your proposal every implementer of an api has to make > >> the consideration considering every field of the class. It will work > >> but automated processing of the api class could prevent oversights by > >> developers. > >> > >> On the other hand we will run into privacy and security related > >> situations not foreseeable right now. I am not sure if what I am > >> saying will pay off. > >> > >> > >> > >> On Thu, Nov 28, 2013 at 3:24 PM, Mandar Barve > > >> wrote: > >> > Daan, > >> > The child classes will "know" (since the API request/response > >> > parameters are known) at load time if they are to carry sensitive data > >> and > >> > they can set the flags at class load time/construction like you > >> mentioned. > >> > Flag check will be at the time of logging. > >> > > >> > Did you mean to suggest the same or am I missing something? > >> > > >> > Thanks, > >> > Mandar > >> > > >> > > >> > On Thu, Nov 28, 2013 at 5:22 PM, Daan Hoogland < > daan.hoogland@gmail.com > >> >wrote: > >> > > >> >> On Thu, Nov 28, 2013 at 10:38 AM, Mandar Barve < > >> mandar.barve@sungard.com> > >> >> wrote: > >> >> > > >> >> > In my opinion we should implement approach #2. I have tested this > >> >> approach > >> >> > for couple of sensitive commands list Users and list Accounts. It > >> looks > >> >> to > >> >> > work fine. > >> >> > >> >> > >> >> H Mandar, I agree but can some automation be done i.e. recognize > >> >> sensitive names of fields [pP]assword or varieties thereof? This can > >> >> be done at construction or even classloadtime and shouldn't impact > >> >> performance very much. > >> >> > >> >> otherwise #2 is more elegant and i mean this as an extension of #2 > >> >> > >> >> > >> > >> > > --047d7b3a8c30cc5f5604ec844abf--