mesos-reviews mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Alexander Rojas <alexan...@mesosphere.io>
Subject Re: Review Request 49394: Added support for VIEW_FLAGS authorization action in HTTP API.
Date Thu, 30 Jun 2016 12:42:14 GMT


> On June 30, 2016, 2:32 p.m., Joerg Schad wrote:
> > src/master/http.cpp, line 1505
> > <https://reviews.apache.org/r/49394/diff/3/?file=1434090#file1434090line1505>
> >
> >     Could we potentially expose sensitive information in the error message? If so,
let us use a generic "Could not ..." error message

This issue has been raised in the past (by myself actually), our pattern however is to expose
this information.


> On June 30, 2016, 2:32 p.m., Joerg Schad wrote:
> > src/master/http.cpp, line 1580
> > <https://reviews.apache.org/r/49394/diff/3/?file=1434090#file1434090line1580>
> >
> >     serialize(
> >         contentType,
> >         evolve<v1::master::Response::GET_FLAGS>(flags.get())),
> >         stringify(contentType));

your suggested formatting implieas that `stringify(contentType)` is part of serialize which
is a wrong assumption, inf fact the current formatting clarifies what actually happens.


- Alexander


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/49394/#review140141
-----------------------------------------------------------


On June 30, 2016, 1:34 p.m., Alexander Rojas wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/49394/
> -----------------------------------------------------------
> 
> (Updated June 30, 2016, 1:34 p.m.)
> 
> 
> Review request for mesos, Adam B and Vinod Kone.
> 
> 
> Repository: mesos
> 
> 
> Description
> -------
> 
> Adds an intermediate function `Master::http::_flags()` which performs
> authorization and it is called by both the endpoint `/flags` handler
> and the HTTP API v1 call `flags` handler.
> 
> 
> Diffs
> -----
> 
>   src/master/http.cpp e5acdb8e0bbcd7a2b7e8a8bc7f4bbeaae2c4fea1 
>   src/master/master.hpp e2ab2110fe5a287ab16ac9ef4222fed633e02ebe 
> 
> Diff: https://reviews.apache.org/r/49394/diff/
> 
> 
> Testing
> -------
> 
> make check
> 
> 
> Thanks,
> 
> Alexander Rojas
> 
>


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message