On Fri, May 10, 2019 at 6:06 PM Adam Cozzette <acozze...@google.com> wrote:
> I asked for feedback about this proposal within Google and unfortunately > it sounds like there's not a lot of support for accepting this kind of > change. The general feedback I got was that it's best to simply avoid > printing out any protos at all if they might contain sensitive information. > This kind of feature might provide a false sense of security and encourage > developers to print out protos that haven't necessarily been fully > annotated with the sensitive field option. There was some agreement that in > Java it is particularly easy to print stringified protos by accident, but > it seems that ideally we would want to disable that behavior entirely > rather than redacting particular fields. > For what it's worth, when discussing this before, some folks on the Protobuf Team mentioned that the parts of Google that deal with financial transactions actually have something similar to our proposal. Or at least something that accomplishes the same goal. > I gather that Square is already relying on this functionality in its > internal protobuf fork, so I would say if it helps we could probably at > least try to refactor things to minimize the complexity of maintaining that > behavior difference. > That would be super-helpful. I'll have to catch up on the current state of protobuf library code and figure out how to allow convenient interception. Zellyn -- You received this message because you are subscribed to the Google Groups "Protocol Buffers" group. To unsubscribe from this group and stop receiving emails from it, send an email to protobuf+unsubscr...@googlegroups.com. To post to this group, send email to protobuf@googlegroups.com. Visit this group at https://groups.google.com/group/protobuf. To view this discussion on the web visit https://groups.google.com/d/msgid/protobuf/CAMQ7dq5jRg9TT0uMfiOreD0F1K4d1EXtUEqP9SkE5aC1jt9UKA%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
