Alena, I can see I am not being clear because what you say is the
sensible way and apart from the parameter level exactly what happens.

The parameter thing is an enhancement that we can make on top of this.
At the moment it only obfuscates a set of parameters with a fixed set
of names. We will have to have a new discussion of what the desirable
default is however. I say security first. But let's not have that
discussion in this thread.

Hope this clarifies,
Daan

On Fri, Mar 7, 2014 at 8:21 PM, Alena Prokharchyk
<alena.prokharc...@citrix.com> wrote:
> Daan, if the default comes as true for the command, I assume that the user
> won't see the command logged at all? Unless he overrides it.
> I assume sensitive="true" means not "analyze the command" but rather
> "don't log the command". That doesn't seem right to me.
>
> True would seem right to me if the parameter is defined on both
> parameter/command level (which is not how it works today). Then parameter
> in @ApiCommand annotation will just trigger the analyze for sensitive
> parameters, and the parameter in the @Parameter will tell whether to log
> the parameter itself.
>
>
> -Alena.
>
> On 3/7/14, 10:51 AM, "Daan Hoogland" <daan.hoogl...@gmail.com> wrote:
>
>>On Fri, Mar 7, 2014 at 7:31 PM, Alena Prokharchyk
>><alena.prokharc...@citrix.com> wrote:
>>> And the defaults should be false,
>>
>>
>>I don't agree. The true case does nothing if no fields are recognized
>>as sensitive, but it the false case skips sensitive data containing
>>log messages. The only consequence of true as default is a performance
>>penalty that we were paying in the old case anyhow.
>>
>>--
>>Daan
>



-- 
Daan
