cloudstack-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Daan Hoogland <daan.hoogl...@gmail.com>
Subject Re: Review Request 16385: Fix for CloudStack JIRA 4406
Date Fri, 07 Mar 2014 21:47:42 GMT
no problem, glad we agree.

On Fri, Mar 7, 2014 at 8:38 PM, Alena Prokharchyk
<Alena.Prokharchyk@citrix.com> wrote:
> Ok, got it, somehow missed the "hardcoded" parameters part. In this case
> true is fine as the parameter in @ApiCommand just triggers the validation.
> We only have to fix one part - instead of hardcoding the parameter(s) to
> hide, we have to come up with the new parameter in @Parameter to trigger
> the exclusion from the logs.
>
> Thank you,
> Alena.
>
> On 3/7/14, 11:32 AM, "Daan Hoogland" <daan.hoogland@gmail.com> wrote:
>
>>Alena, I can see I am not being clear because what you say is the
>>sensible way and apart from the parameter level exactly what happens.
>>
>>The parameter thing is an enhancement that we can make on top of this.
>>At the moment it only obfuscate a set of parameters with a fixed set
>>of names. We will have to have a new discussion of what the desirable
>>default is however. I say security first. but let's not have that
>>discussion in this thread.
>>
>>Hope this clarifies,
>>Daan
>>
>>On Fri, Mar 7, 2014 at 8:21 PM, Alena Prokharchyk
>><Alena.Prokharchyk@citrix.com> wrote:
>>> Daan, if the default comes as true for the command, I assume that the
>>>user
>>> won¹t see the command logged at all? Unless he overrides it.
>>> I assume sensitive=³true² means not ³analyze the command² but rather
>>> ³don¹t log the command². That doesn¹t seem right to me.
>>>
>>> True would seem right to me if the parameter is defined on both
>>> parameter/command level (which is not how it works today). Then
>>>parameter
>>> in @ApiCommand annotation will just trigger the analyze for sensitive
>>> parameters, and the parameter in the @Parameter will tell whether to log
>>> the parameter itself.
>>>
>>>
>>> -Alena.
>>>
>>> On 3/7/14, 10:51 AM, "Daan Hoogland" <daan.hoogland@gmail.com> wrote:
>>>
>>>>On Fri, Mar 7, 2014 at 7:31 PM, Alena Prokharchyk
>>>><Alena.Prokharchyk@citrix.com> wrote:
>>>>> And the defaults should be false,
>>>>
>>>>
>>>>I don't agree, The true case does nothing if no fields are recognized
>>>>as sensitive, but it the flase case skips sensitive data containing
>>>>log messages. The only consquence of true as default is a performance
>>>>penalty that we were paying in the old case anyhow.
>>>>
>>>>--
>>>>Daan
>>>
>>
>>
>>
>>--
>>Daan
>



-- 
Daan

Mime
View raw message