Return-Path: 
 <dev-return-56069-apmail-cloudstack-dev-archive=cloudstack.apache.org@cloudstack.apache.org>
X-Original-To: apmail-cloudstack-dev-archive@www.apache.org
Delivered-To: apmail-cloudstack-dev-archive@www.apache.org
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by minotaur.apache.org (Postfix) with SMTP id 53FD710E0A
	for <apmail-cloudstack-dev-archive@www.apache.org>;
 Tue, 15 Apr 2014 06:25:37 +0000 (UTC)
Received: (qmail 16750 invoked by uid 500); 15 Apr 2014 06:25:37 -0000
Delivered-To: apmail-cloudstack-dev-archive@cloudstack.apache.org
Received: (qmail 16134 invoked by uid 500); 15 Apr 2014 06:25:35 -0000
Mailing-List: contact dev-help@cloudstack.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:dev-help@cloudstack.apache.org>
List-Unsubscribe: <mailto:dev-unsubscribe@cloudstack.apache.org>
List-Post: <mailto:dev@cloudstack.apache.org>
List-Id: <dev.cloudstack.apache.org>
Reply-To: dev@cloudstack.apache.org
Delivered-To: mailing list dev@cloudstack.apache.org
Received: (qmail 16110 invoked by uid 99); 15 Apr 2014 06:25:32 -0000
Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230)
    by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 15 Apr 2014 06:25:31 +0000
X-ASF-Spam-Status: No, hits=-0.1 required=5.0
	tests=HTML_MESSAGE,RCVD_IN_DNSWL_MED,SPF_PASS
X-Spam-Check-By: apache.org
Received-SPF: pass (nike.apache.org: local policy includes SPF record at
 spf.trusted-forwarder.org)
Received: from [74.125.149.149] (HELO na3sys009aog123.obsmtp.com)
 (74.125.149.149)
    by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 15 Apr 2014 06:25:26 +0000
Received: from mail-wi0-f177.google.com ([209.85.212.177]) (using TLSv1) by
 na3sys009aob123.postini.com ([74.125.148.12]) with SMTP
	ID DSNKU0zQvtKGHhagCiX7jDItpiATb6uOBTic@postini.com;
 Mon, 14 Apr 2014 23:25:04 PDT
Received: by mail-wi0-f177.google.com with SMTP id cc10so5114894wib.16
        for <dev@cloudstack.apache.org>; Mon, 14 Apr 2014 23:25:01 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20130820;
        h=x-gm-message-state:mime-version:in-reply-to:references:date
         :message-id:subject:from:to:cc:content-type;
        bh=Jx1ex+Q6q+oxahaR3zhOORDGMNBIKYVogRK2oDnvjdU=;
        b=XqDy1NlZa1cIJNqUkapdwQTXqkSA7FjtNAQxc6CLAU98q6/MaHP4HoRdb6Ajr7+6oX
         UaKrmDAJ84NpAFgYQRplK3hr4j/zxZY7C/VLzRWX5/vF23FNIff04gb44Qlh9zbEpl42
         oJ5GWyJKP9ZiMbefJOfUUGjBiWnF5Gsq+kFGYdSBX3dEzay+YYUV9qQP9NWpPeirvmsn
         dmM2FR2vTetE+d6ShXtgJh2A/1jjNCKQNjvU0tsRTofrgTp6728H0xC6Xp3FajQ2cIbD
         Oz6LUwwTymFwNZyXAWYlXaRW1+oiWRCb1sb7u+++MKDb0mTD7q0dO+YGHKsQy7z844Iz
         QO2A==
X-Gm-Message-State: 
 ALoCoQm3ZyRPzSPCmxVNRUREQ9MYeLSIb28iNRvFpophBWU4lcYWxVN5Gg7A0NbWOeXsl8T90CDvNUYzcjZog1YRA0MElIoOTpOp3/kc7ugweJVJiAmazrfz7sHp3VNchkVrAS5WO1PF
X-Received: by 10.180.36.101 with SMTP id p5mr973484wij.8.1397543101473;
        Mon, 14 Apr 2014 23:25:01 -0700 (PDT)
MIME-Version: 1.0
X-Received: by 10.180.36.101 with SMTP id p5mr973482wij.8.1397543101418; Mon,
 14 Apr 2014 23:25:01 -0700 (PDT)
Received: by 10.216.72.132 with HTTP; Mon, 14 Apr 2014 23:25:01 -0700 (PDT)
In-Reply-To: 
 <CAGQtxvZGq5Z_Co4Yx770Wt_MBRDSujdsrHjcqpbmmEui=adHDw@mail.gmail.com>
References: <20140408080206.16004.73844@reviews.apache.org>
	<CAJCRRwxbbz=XHkZmV2inzF7jt8=BCp0xy7eAJYejE5Fw78Q=Wg@mail.gmail.com>
	<CAGQtxvZs6A-gXZRpNVT2KamxwQQbevm2A-5nLeRak0M=P-c9Yg@mail.gmail.com>
	<CAJCRRwzVGYnN1E17rh+bPA5DGBVt9OdtMeT=Th=WwFrfBPFNSQ@mail.gmail.com>
	<CAGQtxvZFhG5o-k5H2xc1gvSO8hGv5nS5Y09HTWQBhs-FPJA5GQ@mail.gmail.com>
	<CF716981.43EB7%alena.prokharchyk@citrix.com>
	<CAGQtxvbW_KWNnC=2STr1NKgZHoiU82AFmzNC176i0-BMwUPoxw@mail.gmail.com>
	<CAJCRRwxGyTNdNduS5K_2NOBM-Cq-vdSOKBL=soJrJaxnPju+ow@mail.gmail.com>
	<CAGQtxvZGq5Z_Co4Yx770Wt_MBRDSujdsrHjcqpbmmEui=adHDw@mail.gmail.com>
Date: Tue, 15 Apr 2014 11:55:01 +0530
Message-ID: 
 <CAJCRRwz8hKV7AhbAfMpsxsJoyxS-1-HQwb9LUcWZLKersLEnFw@mail.gmail.com>
Subject: Re: Review Request 20117: Pilot patch for CS JIRA 6213
From: Mandar Barve <mandar.barve@sungardas.com>
To: Daan Hoogland <daan.hoogland@gmail.com>
Cc: Alena Prokharchyk <Alena.Prokharchyk@citrix.com>,
 dev <dev@cloudstack.apache.org>
Content-Type: multipart/alternative; boundary=e89a8f50345e1e6af704f70edc37
X-Virus-Checked: Checked by ClamAV on apache.org

--e89a8f50345e1e6af704f70edc37
Content-Type: text/plain; charset=ISO-8859-1

Oh all I meant was stuffing the existing search string that cleanString
uses with all identified "sensitive" keywords. And I guess if it starts
getting GIANT it won't make sense.




On Tue, Apr 15, 2014 at 11:36 AM, Daan Hoogland <daan.hoogland@gmail.com>wrote:

> On Tue, Apr 15, 2014 at 6:01 AM, Mandar Barve
> <mandar.barve@sungardas.com> wrote:
> > 1. The pilot patch I posted already does this of checking the command
> level
> > flag first and only for "flagged" commands check the list of "sensitive"
> > parameters. I was wondering if that code itself, building list of
> sensitive
> > parameters as a command can have more than one of these and then
> stripping
> > them one by one can lead to additional overhead.
> > To reduce that overhead, I was thinking the REGEX that cleanString util
> > function uses can be generated at application load time walking the list
> of
> > all only "sensitive" (flagged) command classes followed by the
> "sensitive"
> > param lists for such classes. At run time when commands are executed all
> you
> > need to do is for the already flagged "sensitive" commands alone use the
> > pre-built REGEX to filter sensitive data.
>
> I am not sure what you mean by this. The REGEX can get quite complex,
> do you envision to create a giant set of or'ed method names? It can be
> done but I doubt that building a REGEX is the best thing at load time.
> At that time more efficient lists or arrays can be build (or a tree
> :P)
> Any way tests will tell us.
>
> --
> Daan
>

--e89a8f50345e1e6af704f70edc37--