mesos-reviews mailing list archives

From Till Toenshoff <toensh...@me.com>
Subject Re: Review Request 48919: Updated HTTPProxy to return a failure message in the HTTP result.
Date Mon, 20 Jun 2016 16:20:20 GMT


> On June 20, 2016, 8:02 a.m., Alexander Rojas wrote:
> > 3rdparty/libprocess/src/process.cpp, line 1218
> > <https://reviews.apache.org/r/48919/diff/2/?file=1423754#file1423754line1218>
> >
> >     I don't think returning the contents of `future.failure()` as the body is a good idea.
> >     
> >     The failure messages usually contain details about the failures that are in general useful to debug, or configuration details that may not be useful to someone doing an HTTP request at best and just plain dangerous at worst (you may spill configuration details).

This concern is definitely valid. We have discussed this a while back and forth - involved
were AlexR, me and BenM. We came to the conclusion that it is up to the authorizer/authenticator
developer to not leak sensitive information in such failure messages. I will spin up another
RR that should help documenting and explaining the risks here.

In the end, we decided that it would be very beneficial for operators to have complete feedback
even in the browser request already. As discussed, I will drop this issue now - I still highly
appreciate your comment and feel it is entirely well founded.


- Till


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/48919/#review138544
-----------------------------------------------------------


On June 20, 2016, 1:55 p.m., Till Toenshoff wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/48919/
> -----------------------------------------------------------
> 
> (Updated June 20, 2016, 1:55 p.m.)
> 
> 
> Review request for mesos, Adam B, Alexander Rukletsov, Anand Mazumdar, Alexander Rojas, Benjamin Mahler, Greg Mann, and Kapil Arya.
> 
> 
> Bugs: MESOS-5637
>     https://issues.apache.org/jira/browse/MESOS-5637
> 
> 
> Repository: mesos
> 
> 
> Description
> -------
> 
> see summary.
> 
> 
> Diffs
> -----
> 
>   3rdparty/libprocess/src/process.cpp 703f673a98102958c5e2b0c1833efad2ddc53ef8 
> 
> Diff: https://reviews.apache.org/r/48919/diff/
> 
> 
> Testing
> -------
> 
> make check (OSX and some Linux distros)
> 
> 
> Thanks,
> 
> Till Toenshoff
> 
>

