Hi Thomas, Thanks for the reply and the feedback. I always appreciate some constructive criticism. Let me take another look at the patch with your suggestions in mind and hopefully return with something that'll be more pleasing.
As for the session id vs. username per entry. For us, a session id without the username is definitely doable, it just requires an explanation. I took the "everything and the kitchen sink" approach on that one just to avoid any ambiguity. However, after speaking with our team member handling the security audits, I'm relatively certain we can get away with what you've suggested (just the session id alone). Thanks, Richard Bull On Wednesday, April 29, 2015 at 11:37:20 AM UTC-7, Thomas Mueller wrote: > > Hi, > > Thanks for the patch! > > I wonder, why do you need to log the session user, and not just the > session id? > > I think I understand the problem you want to solve, but the patch is > larger than necessary: logAndConvert could be overriden for example, which > should make the patch a lot smaller. The patch is also a bit ugly: the > Session class is hardcoded in trace module. What about using toString() > instead? > > I think there is a more elegant, and easier way to do what you want. > > Regards, > Thomas > > > On Thursday, April 23, 2015, Richard Bull <[email protected] > <javascript:>> wrote: > >> I'm working with a team of developers that are using H2. While we really >> like using H2 in our project, we need to adhere to some strict logging >> guidelines. Because of this, we've unfortunately found a few shortages in >> H2 related to how it generates a trace log: >> >> 1. We were unable to discern what query was executed on what session or >> by what user. >> 2. Failed queries were logged as exceptions and didn't always show the >> offending query in the trace log. >> 3. The time stamp in the trace log did not contain the year for each >> logged event. >> >> The work we've done addresses these issues so we're able to meet our own >> security guidelines. We've also put together a patch for your team to look >> at and hopefully consider using in your future releases. >> >> Let us know what you think >> >> P.S. >> >> We're currently aiming at using H2 1.3.176 until the next stable version >> is released. So I've provided a patch that also covers these issues in >> 1.3.176 and your current trunk version. >> >> -- >> You received this message because you are subscribed to the Google Groups >> "H2 Database" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected]. >> To post to this group, send email to [email protected]. >> Visit this group at http://groups.google.com/group/h2-database. >> For more options, visit https://groups.google.com/d/optout. >> > -- You received this message because you are subscribed to the Google Groups "H2 Database" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/h2-database. For more options, visit https://groups.google.com/d/optout.
