cloudstack-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Daan Hoogland <daan.hoogl...@gmail.com>
Subject Re: Review Request 16385: Fix for CloudStack JIRA 4406
Date Fri, 07 Mar 2014 22:16:17 GMT
Mandar, you want to take it?

On Fri, Mar 7, 2014 at 11:12 PM, Alena Prokharchyk
<Alena.Prokharchyk@citrix.com> wrote:
> And here is the Jira ticket:
>
> https://issues.apache.org/jira/browse/CLOUDSTACK-6213
>
> "Add new field to API @Parameter indicating if the param should be skipped
> from logs"
>
> -Alena.
>
> On 3/7/14, 1:47 PM, "Daan Hoogland" <daan.hoogland@gmail.com> wrote:
>
>>no problem, glad we agree.
>>
>>On Fri, Mar 7, 2014 at 8:38 PM, Alena Prokharchyk
>><Alena.Prokharchyk@citrix.com> wrote:
>>> Ok, got it, somehow missed the "hardcoded" parameters part. In this case
>>> true is fine as the parameter in @ApiCommand just triggers the
>>>validation.
>>> We only have to fix one part - instead of hardcoding the parameter(s) to
>>> hide, we have to come up with the new parameter in @Parameter to trigger
>>> the exclusion from the logs.
>>>
>>> Thank you,
>>> Alena.
>>>
>>> On 3/7/14, 11:32 AM, "Daan Hoogland" <daan.hoogland@gmail.com> wrote:
>>>
>>>>Alena, I can see I am not being clear because what you say is the
>>>>sensible way and apart from the parameter level exactly what happens.
>>>>
>>>>The parameter thing is an enhancement that we can make on top of this.
>>>>At the moment it only obfuscate a set of parameters with a fixed set
>>>>of names. We will have to have a new discussion of what the desirable
>>>>default is however. I say security first. but let's not have that
>>>>discussion in this thread.
>>>>
>>>>Hope this clarifies,
>>>>Daan
>>>>
>>>>On Fri, Mar 7, 2014 at 8:21 PM, Alena Prokharchyk
>>>><Alena.Prokharchyk@citrix.com> wrote:
>>>>> Daan, if the default comes as true for the command, I assume that the
>>>>>user
>>>>> won¹t see the command logged at all? Unless he overrides it.
>>>>> I assume sensitive=³true² means not ³analyze the command² but rather
>>>>> ³don¹t log the command². That doesn¹t seem right to me.
>>>>>
>>>>> True would seem right to me if the parameter is defined on both
>>>>> parameter/command level (which is not how it works today). Then
>>>>>parameter
>>>>> in @ApiCommand annotation will just trigger the analyze for sensitive
>>>>> parameters, and the parameter in the @Parameter will tell whether to
>>>>>log
>>>>> the parameter itself.
>>>>>
>>>>>
>>>>> -Alena.
>>>>>
>>>>> On 3/7/14, 10:51 AM, "Daan Hoogland" <daan.hoogland@gmail.com>
wrote:
>>>>>
>>>>>>On Fri, Mar 7, 2014 at 7:31 PM, Alena Prokharchyk
>>>>>><Alena.Prokharchyk@citrix.com> wrote:
>>>>>>> And the defaults should be false,
>>>>>>
>>>>>>
>>>>>>I don't agree, The true case does nothing if no fields are recognized
>>>>>>as sensitive, but it the flase case skips sensitive data containing
>>>>>>log messages. The only consquence of true as default is a performance
>>>>>>penalty that we were paying in the old case anyhow.
>>>>>>
>>>>>>--
>>>>>>Daan
>>>>>
>>>>
>>>>
>>>>
>>>>--
>>>>Daan
>>>
>>
>>
>>
>>--
>>Daan
>



-- 
Daan

Mime
View raw message