jackrabbit-oak-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Chetan Mehrotra <chetan.mehro...@gmail.com>
Subject Providing details with CommitFailedException and security considerations
Date Thu, 12 Sep 2013 04:56:14 GMT
Hi,

As part of OAK-943 I had updated the ConflictValidator [1] to more
more details around Commit Failure. However exposing such details as
part of exception was considered risky from security aspect and it was
decided to log a warning instead.

Now in some cases the upper layer do expect a CommitFailedException
have required logic to retry the commit in case of failure. In such
cases these warning logs cause confusion.

So not sure what is the best thing to do. Should I turn the log to
debug level or make details part of exception message?

Making it part of warn level would cause issue as such situations a
not very repetative and users typically run system at INFO level.

If I make it part of exception message is then max it would expose
presence of some property names (not there values). And in most cases
the exception is not exposed to end user and is logged to system logs.
So probably we can make it part of exception message itself


[1] https://github.com/apache/jackrabbit-oak/blob/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/plugins/commit/ConflictValidator.java#L90

Chetan Mehrotra

Mime
View raw message