cloudstack-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Alena Prokharchyk <Alena.Prokharc...@citrix.com>
Subject Re: Review Request 16385: Fix for CloudStack JIRA 4406
Date Fri, 07 Mar 2014 19:38:05 GMT
Ok, got it, somehow missed the “hardcoded” parameters part. In this case
true is fine as the parameter in @ApiCommand just triggers the validation.
We only have to fix one part - instead of hardcoding the parameter(s) to
hide, we have to come up with the new parameter in @Parameter to trigger
the exclusion from the logs.

Thank you,
Alena.

On 3/7/14, 11:32 AM, "Daan Hoogland" <daan.hoogland@gmail.com> wrote:

>Alena, I can see I am not being clear because what you say is the
>sensible way and apart from the parameter level exactly what happens.
>
>The parameter thing is an enhancement that we can make on top of this.
>At the moment it only obfuscate a set of parameters with a fixed set
>of names. We will have to have a new discussion of what the desirable
>default is however. I say security first. but let's not have that
>discussion in this thread.
>
>Hope this clarifies,
>Daan
>
>On Fri, Mar 7, 2014 at 8:21 PM, Alena Prokharchyk
><Alena.Prokharchyk@citrix.com> wrote:
>> Daan, if the default comes as true for the command, I assume that the
>>user
>> won¹t see the command logged at all? Unless he overrides it.
>> I assume sensitive=³true² means not ³analyze the command² but rather
>> ³don¹t log the command². That doesn¹t seem right to me.
>>
>> True would seem right to me if the parameter is defined on both
>> parameter/command level (which is not how it works today). Then
>>parameter
>> in @ApiCommand annotation will just trigger the analyze for sensitive
>> parameters, and the parameter in the @Parameter will tell whether to log
>> the parameter itself.
>>
>>
>> -Alena.
>>
>> On 3/7/14, 10:51 AM, "Daan Hoogland" <daan.hoogland@gmail.com> wrote:
>>
>>>On Fri, Mar 7, 2014 at 7:31 PM, Alena Prokharchyk
>>><Alena.Prokharchyk@citrix.com> wrote:
>>>> And the defaults should be false,
>>>
>>>
>>>I don't agree, The true case does nothing if no fields are recognized
>>>as sensitive, but it the flase case skips sensitive data containing
>>>log messages. The only consquence of true as default is a performance
>>>penalty that we were paying in the old case anyhow.
>>>
>>>--
>>>Daan
>>
>
>
>
>-- 
>Daan

Mime
View raw message