Privacy by default


Privacy by default

by Michael Banck-3

Hi,

I think it would be better to enable suppression of sensitive data in
tracing by default.  Therefore, I propose to change the meaning of the
OSYNC_PRIVACY environment to the following:

 1. If OSYNC_PRIVACY is not set, suppress private data
 2. If OSYNC_PRIVACY=0 is set, show private data
 3. If OSYNC_PRIVACY is set to something else (e.g. OSYNC_PRIVACY=1),
    suppress private data

This makes showing private data opt-in, i.e. the user has to explicitly
request it.

I have attached patches for 0.22 and 0.36 which implement this, though
maybe this could be done more elegantly.

What do you think?


Michael


--- opensync-0.36.orig/opensync/opensync_support.c
+++ opensync-0.36/opensync/opensync_support.c
@@ -82,10 +82,11 @@
  if (!trace_sensitive)
  trace_sensitive = g_private_new(NULL);
 
- if (sensitive)
- g_private_set(trace_sensitive, GINT_TO_POINTER(1));
- else
- g_private_set(trace_sensitive, GINT_TO_POINTER(0));
+ // set to sensitive by default
+ g_private_set(trace_sensitive, GINT_TO_POINTER(1));
+ if (sensitive)
+ if (!strncmp(sensitive,"0", 1))
+ g_private_set(trace_sensitive, GINT_TO_POINTER(0));
 
  if (!g_file_test(trace, G_FILE_TEST_IS_DIR)) {
  printf("OSYNC_TRACE argument is no directory\n");
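Review bot: the added `strncmp(sensitive,"0", 1)` test compares only the first character, so values such as OSYNC_PRIVACY=01 or OSYNC_PRIVACY=0foo also switch sensitive output on, while the proposal reserves that for OSYNC_PRIVACY=0 alone. Since this is the opt-in to disclosure, an exact comparison (`strcmp(sensitive, "0") == 0`) matches the stated rule. The nested `if (sensitive)` / `if (!strncmp(...))` would also read more safely with braces or as a single `&&` condition, and it is worth confirming that the file includes <string.h> for the new call.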
--- opensync-0.22.orig/opensync/opensync_debug.c
+++ opensync-0.22/opensync/opensync_debug.c
@@ -56,8 +56,15 @@
  char *buffer = NULL;
 
  const char *trace = g_getenv("OSYNC_TRACE");
- const char *sensitive = g_getenv("OSYNC_PRIVACY");
-
+ char *sensitive = (char*)g_getenv("OSYNC_PRIVACY");
+
+ if (sensitive) {
+ if (!strncmp(sensitive, "0", 1))
+ sensitive = NULL;
+ } else {
+ // set to sensitive by default
+ sensitive = "1";
+ }
 
  if (!trace)
  return;
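Review bot: the `(char*)` cast on `g_getenv("OSYNC_PRIVACY")` is not needed and discards const on a string the process must not modify; `const char *sensitive` can still be reassigned to NULL or "1" because the const applies to the characters, not to the pointer. Keeping the original declaration without the cast is enough. The `strncmp(sensitive, "0", 1)` prefix test has the same effect here as in the 0.36 patch: any value beginning with 0 disables suppression, so an exact `strcmp` fits the proposal better.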


_______________________________________________
Opensync-devel mailing list
Opensync-devel@...
https://lists.sourceforge.net/lists/listinfo/opensync-devel

Re: Privacy by default

by Daniel Gollub

On Sunday 09 March 2008 16:54:52 Michael Banck wrote:
> Hi,
>
> I think it would be better to enable suppression of sensitive data in
> tracing by default.  

Yeah, very likely a very good idea.

> Therefore, I propose to change the meaning of the
> OSYNC_PRIVACY environment to the following:
>
>  1. If OSYNC_PRIVACY is not set, suppress private data
>  2. If OSYNC_PRIVACY=0 is set, show private data
>  3. If OSYNC_PRIVACY is set to something else (e.g. OSYNC_PRIVACY=1),
>     suppress private data
>
> This makes showing private data opt-in, i.e. the user has to explicitly
> request it.
>
> I have attached patches for 0.22 and 0.36 which implement this, though
> maybe this could be done more elegantly.
>
> What do you think?

Alternative suggestion:

1. OSYNC_NOPRIVACY=xyzWHATEVER prints everything
2. unset OSYNC_NOPRIVACY prints no sensitive

In my opinion the change from OSYNC_PRIVACY to OSYNC_NOPRIVACY will not hurt
since this isn't very well documented besides the wiki (afaik).

best regards,
Daniel

[noprivacy.diff]

Index: opensync/opensync_support.c
===================================================================
--- opensync/opensync_support.c (revision 3208)
+++ opensync/opensync_support.c (working copy)
@@ -91,11 +91,11 @@
  if (!trace)
  return;
 
- const char *sensitive = g_getenv("OSYNC_PRIVACY");
+ const char *noprivacy = g_getenv("OSYNC_NOPRIVACY");
  if (!trace_sensitive)
  trace_sensitive = g_private_new(NULL);
 
- if (sensitive)
+ if (noprivacy)
  g_private_set(trace_sensitive, GINT_TO_POINTER(1));
  else
  g_private_set(trace_sensitive, GINT_TO_POINTER(0));
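Review bot: `if (noprivacy)` is true for any set value, so OSYNC_NOPRIVACY=0 and an empty OSYNC_NOPRIVACY= both enable printing of sensitive data; if that is intended it should be stated in a comment here and in the documentation, otherwise test for a non-empty value. This hunk also inverts what `trace_sensitive` stores (1 now means print), so it is only correct together with the flipped test in the second hunk, and any other reader of `trace_sensitive` needs the same check.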
@@ -192,7 +192,7 @@
  logmessage = g_strdup_printf("[%li.%li]\t%s%s%s", curtime.tv_sec, curtime.tv_usec, tabstr->str, buffer, endline);
  break;
  case TRACE_SENSITIVE:
- if (!GPOINTER_TO_INT(g_private_get(trace_sensitive)))
+ if (GPOINTER_TO_INT(g_private_get(trace_sensitive)))
  logmessage = g_strdup_printf("[%li.%li]\t%s[SENSITIVE] %s%s", curtime.tv_sec, curtime.tv_usec, tabstr->str, buffer, endline);
  else
  logmessage = g_strdup_printf("[%li.%li]\t%s[SENSITIVE CONTENT HIDDEN]%s", curtime.tv_sec, curtime.tv_usec, tabstr->str, endline);
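Review bot: at the `case TRACE_SENSITIVE:` test the flag now means the opposite of its name (non-zero prints the data), so a one-line comment or a rename would keep the next reader from flipping it back. The new polarity is worth documenting for another reason: g_private_get() returns NULL on a thread where no value was stored, and with this condition that case falls through to the `[SENSITIVE CONTENT HIDDEN]` branch instead of printing the buffer.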



Re: Privacy by default

by Daniel Gollub

On Sunday 09 March 2008 20:14:55 Daniel Gollub wrote:
> 1. OSYNC_NOPRIVACY=xyzWHATEVER prints everything
> 2. unset OSYNC_NOPRIVACY prints no sensitive
+stuff


>
> In my opinion the change from OSYNC_PRIVACY to OSYNC_NOPRIVACY will not
> hurt since this isn't very well documented besides the wiki (afaik).

I forgot to mention the main advantage:
With just renaming no complex stuff like an "expensive" strcmp is needed. For
sure it's less intuitive that OSYNC_NOPRIVACY=0 will not be the expected
result .. but this keeps tracing simple and hopefully a bit faster than with
strcmp(). (Those g_getenv() calls are still expensive...)

But at least no sensitive information is leaking by default.

best regards,
Daniel
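
The three policies discussed in this thread, compared on the same inputs. This is an added example, not part of any poster's message or of the OpenSync source; the function names are hypothetical and the sample values are constructed. Each function receives the variable's raw value (NULL when unset) so the decision can be checked without touching the environment.

```c
#include <stdio.h>
#include <string.h>

/* Each function takes the raw value of the environment variable
 * (NULL when unset) and returns 1 to hide sensitive trace data,
 * 0 to print it. Names are hypothetical, not OpenSync API. */

/* OSYNC_PRIVACY as coded in the first patch: strncmp(value, "0", 1). */
static int hide_prefix_zero(const char *privacy)
{
	if (privacy && !strncmp(privacy, "0", 1))
		return 0;	/* any value that starts with '0' shows data */
	return 1;
}

/* OSYNC_PRIVACY as the proposal words it: only exactly "0" shows data. */
static int hide_exact_zero(const char *privacy)
{
	if (privacy && strcmp(privacy, "0") == 0)
		return 0;
	return 1;
}

/* OSYNC_NOPRIVACY as in noprivacy.diff: presence alone shows data. */
static int hide_noprivacy(const char *noprivacy)
{
	return noprivacy == NULL;
}

int main(void)
{
	/* Constructed sample values; NULL stands for "variable unset". */
	const char *samples[] = { NULL, "", "0", "1", "01", "0 ", "no" };
	size_t i;

	printf("%-8s %-11s %-10s %s\n", "value", "prefix-0", "exact-0", "NOPRIVACY");
	for (i = 0; i < sizeof samples / sizeof samples[0]; i++) {
		const char *v = samples[i];
		printf("%-8s %-11s %-10s %s\n",
		       v ? (*v ? v : "(empty)") : "(unset)",
		       hide_prefix_zero(v) ? "hide" : "SHOW",
		       hide_exact_zero(v) ? "hide" : "SHOW",
		       hide_noprivacy(v) ? "hide" : "SHOW");
	}
	return 0;
}
```

All three hide data when the variable is unset; they differ on values such as `01`, an empty value, and `OSYNC_NOPRIVACY=0`.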




