[YAMos-dev] Re: Ticket #90 (Debug Output without private Data)
- From: Frank Weber <opionline@xxxxxxxx>
- To: yamos-dev@xxxxxxxxxxxxx
- Date: Fri, 12 Mar 2010 11:28:27 +0100
Hello Jens,
on 12.03.2010 you wrote:
> Hi Frank,
>
> Am 12.03.10 10:32, schrieb Frank Weber:
>
>> The Ticket #90 is closed but i want to respect the users privacy
>> and YAM should not output a full E-Mail address in the debug
>> logs. Such log can be a potential source for spammers.
>>
> [...]
>>
>> I want to commit this patch. See also attached Debug.c.diff
>>
>> Has anybody opinions against the patch?
>
> Yes, I do ;) But as I want to make sure you understand why I feel
> that your patch might not be appropriate for us, I explain why:
>
> 1. It would bring down the general performance of the debug
> output quite considerably because on every output the string
> would have to be parsed before being output. Just think about
> large outputs. In addition, the debug output in its current form
> already slows down the performance of YAM a lot and adding that
> IMHO unnecessary functionality would bring it down even more.
My slogan also in my real life is security first.
Then follow speed of course. :-)
> 2. It would prevent debug statements which I tend to us: "time
> request issued@10:00:00" because the "@" sign is not only used
> for email addresses.
I check that already and *all* at signs are followed by a space
in the current debug output.
> 3. E-mail adresses are not as sensitive information like
> passwords. And for the password case we already addressed your
> request in ticket #90.
Not sensitive information for you and for me but other people have of
course another opinion.
> 4. It works around the main problem: The user himself is
> responsible for submitting information without any sensitive
> information he might feel might be necessary to be left out.
Do you know how many a user must change in such log? Depending on the
debuglevel of course. An average user would not replace so much in
the log. He might prefer to not sending such a logfile because of the
lot of work.
> 5. You cannot catch all cases of stripping private information
> anyway. Just think about an email with private information in
> there. Something from his bank account or a private communication
> with his girlfriend or even the real name of persons he don't
> want to get affiliated to.
Yes of course. But you know email addresses are easy to find by a bot
and can be used to send mass of spam mails.
> 6. Debug output is meant to be "DEBUG" stuff and not for general
> use. If a user is requested to sent that information to us he
> always is/should be informed about stripping out all private
> information be might think might be necessary. That is really all
> we can/should do.
See also point 5.
> So I am very sorry, but I still have to reject your patch as IMHO
> it just works around the main problem (user being responsible)
> and it would make our (developers) life a little bit harder as
> the debug output would slow down for no particular reason.
try to see it also from the POV of an average user and think again
about it...
> BTW: And yes, you do have to use VNewRaDoFmt() instead of
> KPrintF() on MorphOS.
OK. I don't know much about MorphOS. But using the same function as
before is a little surprisingly for me.
Regards,
Frank (Opi) Weber
--
_______________________________________________________________________
YAM developer mailing list - http://www.freelists.org/list/yamos-dev
Listserver help...: mailto:yamos-dev-request@xxxxxxxxxxxxx?subject=HELP
Unsubscribe: mailto:yamos-dev-request@xxxxxxxxxxxxx?subject=UNSUBSCRIBE
Other related posts: