cloudstack-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Daan Hoogland <>
Subject Re: Review Request 16385: Fix for CloudStack JIRA 4406
Date Fri, 07 Mar 2014 21:47:42 GMT
no problem, glad we agree.

On Fri, Mar 7, 2014 at 8:38 PM, Alena Prokharchyk
<> wrote:
> Ok, got it, somehow missed the "hardcoded" parameters part. In this case
> true is fine as the parameter in @ApiCommand just triggers the validation.
> We only have to fix one part - instead of hardcoding the parameter(s) to
> hide, we have to come up with the new parameter in @Parameter to trigger
> the exclusion from the logs.
> Thank you,
> Alena.
> On 3/7/14, 11:32 AM, "Daan Hoogland" <> wrote:
>>Alena, I can see I am not being clear because what you say is the
>>sensible way and apart from the parameter level exactly what happens.
>>The parameter thing is an enhancement that we can make on top of this.
>>At the moment it only obfuscate a set of parameters with a fixed set
>>of names. We will have to have a new discussion of what the desirable
>>default is however. I say security first. but let's not have that
>>discussion in this thread.
>>Hope this clarifies,
>>On Fri, Mar 7, 2014 at 8:21 PM, Alena Prokharchyk
>><> wrote:
>>> Daan, if the default comes as true for the command, I assume that the
>>> won¹t see the command logged at all? Unless he overrides it.
>>> I assume sensitive=³true² means not ³analyze the command² but rather
>>> ³don¹t log the command². That doesn¹t seem right to me.
>>> True would seem right to me if the parameter is defined on both
>>> parameter/command level (which is not how it works today). Then
>>> in @ApiCommand annotation will just trigger the analyze for sensitive
>>> parameters, and the parameter in the @Parameter will tell whether to log
>>> the parameter itself.
>>> -Alena.
>>> On 3/7/14, 10:51 AM, "Daan Hoogland" <> wrote:
>>>>On Fri, Mar 7, 2014 at 7:31 PM, Alena Prokharchyk
>>>><> wrote:
>>>>> And the defaults should be false,
>>>>I don't agree, The true case does nothing if no fields are recognized
>>>>as sensitive, but it the flase case skips sensitive data containing
>>>>log messages. The only consquence of true as default is a performance
>>>>penalty that we were paying in the old case anyhow.


View raw message