Taras, it's strange that table schema and binary object schema are considered sensitive information. I suppose, that current realization is what it is because of simplicity of implementation. I've never heard from any cybersecurity expert, that sql plan or table schema are personal or sensitive info. If attacker already can read logs from graylog or kibana, you have already pwned. It's strange to worry about SQL schema when this event occurs.
пн, 5 апр. 2021 г. в 13:45, Taras Ledkov <tled...@gridgain.com>: > Hi, > > I work on ticket IGNITE-14441 [1] to hide sensitive information at the > log messages produced by SQL. > There are negative comments for the patch. > > I guess we have to produce view to work with sensitive information and > make rules to define sensitive information. > > See on the usage of the GridToStringBuilder#includeSensitive. Class > names and field names now are considered sensitive. > My train of thought is this: SQL query and query plan contain table name > (similar to class name) and field name. > So, the query and plan are completely sensitive. > > Lets define sensitive info and work with it for Ignite. > > Someone proposes introduce one more Ignite property for print SQL > sensitive info. > I think this leads to complication. > > Introduce levels of the sensitivity make sense but all similar > information must be handled with the same rules. > > Igniters, WDYT? > > [1]. https://issues.apache.org/jira/browse/IGNITE-14441 > > -- > Taras Ledkov > Mail-To: tled...@gridgain.com > > -- Sincerely yours, Ivan Daschinskiy
