Eli Mesika has posted comments on this change.
Change subject: core: user level queries - filtered entities
......................................................................
Patch Set 5: (1 inline comment)
....................................................
File
backend/manager/dbscripts/upgrade/pre_upgrade/add_object_column_white_list_table.sql
Line 39: column_name not in
('pm_enabled','pm_user','pm_password','pm_port','pm_options'));
1) Not correct.
This is only a short way to initialize the table with all columns accept those
which must be filtered for now. so , the table will include the columns that
are not filtered and this is a white-list.
Also, note that this executed only when we have no values for the object ('vds'
in that case) , so , if a column is added, it will not be included in generated
sql since the body of the if block is skipped in that case and to include that
you should explicitly call the fn_db_add_column_to_object_white_list as stated
in the comment below.
2) I think that we should only block the secured information and leave the
other untouched. I see no effort or added complexity in masking only the fields
should be hidden from the suer
--
To view, visit http://gerrit.ovirt.org/4469
To unsubscribe, visit http://gerrit.ovirt.org/settings
Gerrit-MessageType: comment
Gerrit-Change-Id: If68b290aaacc0eea5d117ef64536cbf94d195cee
Gerrit-PatchSet: 5
Gerrit-Project: ovirt-engine
Gerrit-Branch: master
Gerrit-Owner: Eli Mesika <[email protected]>
Gerrit-Reviewer: Allon Mureinik <[email protected]>
Gerrit-Reviewer: Eli Mesika <[email protected]>
Gerrit-Reviewer: Itamar Heim <[email protected]>
Gerrit-Reviewer: Yair Zaslavsky <[email protected]>
_______________________________________________
Engine-patches mailing list
[email protected]
http://lists.ovirt.org/mailman/listinfo/engine-patches
