Return-Path: X-Original-To: apmail-jackrabbit-oak-dev-archive@minotaur.apache.org Delivered-To: apmail-jackrabbit-oak-dev-archive@minotaur.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 5D85610622 for ; Thu, 12 Sep 2013 04:56:47 +0000 (UTC) Received: (qmail 34758 invoked by uid 500); 12 Sep 2013 04:56:47 -0000 Delivered-To: apmail-jackrabbit-oak-dev-archive@jackrabbit.apache.org Received: (qmail 34600 invoked by uid 500); 12 Sep 2013 04:56:41 -0000 Mailing-List: contact oak-dev-help@jackrabbit.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: oak-dev@jackrabbit.apache.org Delivered-To: mailing list oak-dev@jackrabbit.apache.org Received: (qmail 34592 invoked by uid 99); 12 Sep 2013 04:56:40 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 12 Sep 2013 04:56:40 +0000 X-ASF-Spam-Status: No, hits=-0.7 required=5.0 tests=RCVD_IN_DNSWL_LOW,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (nike.apache.org: domain of chetan.mehrotra@gmail.com designates 209.85.219.47 as permitted sender) Received: from [209.85.219.47] (HELO mail-oa0-f47.google.com) (209.85.219.47) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 12 Sep 2013 04:56:34 +0000 Received: by mail-oa0-f47.google.com with SMTP id g12so10260054oah.6 for ; Wed, 11 Sep 2013 21:56:14 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:date:message-id:subject:from:to:content-type; bh=uPJCv7jkRmt4yIrjRCMs9PDh44rl1ihPfesjJqxZRa8=; b=tLx0n+JlzOgixbuNHFncrCD8uijpj5QnKdlJ+3jCSB4n8TxFWmkIZI1ocZ5NYCx5Hs 0+vRz7Q1BbW0GUXA0s6jJpxhVruX2Owu8SOxvArd9TibCKKTN3KUbSaFPK98mTvGGGVZ Cu67VClEM8LzvVnWSt6uEv1uFddXR7vkr1/EZ7Ibi98nC+iFCjdWTPQm4TO4aZ+Yj15p vbh8BFgwsqR2EFTjAfGQsO6lBuzJ7vsqbHTjBIMbF8hv6lczNtfAq4IWK7nO/8n198jE xCZqN/bOu4tXcK1SWpXG847Dm3EkMdrFbXJ+VYS35qLwwRXlgHb4vk29SBk/+EXbVZ3o OQXQ== MIME-Version: 1.0 X-Received: by 10.60.80.167 with SMTP id s7mr4898620oex.38.1378961774068; Wed, 11 Sep 2013 21:56:14 -0700 (PDT) Received: by 10.60.5.230 with HTTP; Wed, 11 Sep 2013 21:56:14 -0700 (PDT) Date: Thu, 12 Sep 2013 10:26:14 +0530 Message-ID: Subject: Providing details with CommitFailedException and security considerations From: Chetan Mehrotra To: oak-dev@jackrabbit.apache.org Content-Type: text/plain; charset=ISO-8859-1 X-Virus-Checked: Checked by ClamAV on apache.org Hi, As part of OAK-943 I had updated the ConflictValidator [1] to more more details around Commit Failure. However exposing such details as part of exception was considered risky from security aspect and it was decided to log a warning instead. Now in some cases the upper layer do expect a CommitFailedException have required logic to retry the commit in case of failure. In such cases these warning logs cause confusion. So not sure what is the best thing to do. Should I turn the log to debug level or make details part of exception message? Making it part of warn level would cause issue as such situations a not very repetative and users typically run system at INFO level. If I make it part of exception message is then max it would expose presence of some property names (not there values). And in most cases the exception is not exposed to end user and is logged to system logs. So probably we can make it part of exception message itself [1] https://github.com/apache/jackrabbit-oak/blob/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/plugins/commit/ConflictValidator.java#L90 Chetan Mehrotra