[
https://issues.apache.org/jira/browse/SLING-10227?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17304934#comment-17304934
]
Amit Jain commented on SLING-10227:
-----------------------------------
bq. Instead of adding a new log statement to bing the package id and the blob
id, how about using the same identifier for both and keep a single log
statement ?
Yes it makes lot of sense.
{quote}The package builders produce an opaque id string. It's not necessarily a
UUID but typically a prefix + UUID. So unless the binary store limits ids, it
should work.
{quote}
Yeah prefix was the reason didn't use this. It may not be an issue here but
because of the prefix we loose the randomness which typically helps the stores
to store efficiently. So, i think we can try the approach here.
> Improvement in distribution logging to log id generated for binary reference
> and not log reference
> --------------------------------------------------------------------------------------------------
>
> Key: SLING-10227
> URL: https://issues.apache.org/jira/browse/SLING-10227
> Project: Sling
> Issue Type: Improvement
> Components: Content Distribution
> Reporter: Amit Jain
> Assignee: Timothee Maret
> Priority: Major
>
> PackageDistribution also logs the binary reference which might log
> implementation details leaking out some secrets.
> Proposed
> [change|https://github.com/apache/sling-org-apache-sling-distribution-journal/compare/master...amit-jain:master]
> which is now upstaged with recent
> [changes|https://github.com/apache/sling-org-apache-sling-distribution-journal/blame/479dcb4f9784a152ebcc3a37fa6e172544754911/src/main/java/org/apache/sling/distribution/journal/impl/publisher/DistributionPublisher.java#L281-L282].
> [~tmaret] What's the way forward, I think we should only log certain elements
> and not all the package contents which besides the security issues can be
> quite heavy
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
