loserwang1024 commented on PR #3047:
URL: https://github.com/apache/fluss/pull/3047#issuecomment-4900773035

   @wuchong , I have modified this PR based on your advice. Only one is left 
for another PR later.
   
   One concern I have is that `security.sasl.plain.credentials` is a bit 
different from normal sensitive config options. Each list entry stores 
`username:password` as a single string value, so the config framework cannot 
naturally distinguish the non-sensitive username part from the sensitive 
password part.
   
   If we only add a generic sensitive flag, the safest behavior would be to 
mask the whole config value in `describeClusterConfigs` / 
`get_cluster_configs`. That is reusable and avoids leaking passwords, but it 
also means usernames are hidden together with passwords.
   
   If we want to show usernames while hiding passwords, we would need special 
parsing logic for this specific config key, e.g. rendering 
`alice:******,bob:******`. I’m not sure that belongs in the generic config 
display path, because it would make the config framework aware of 
SASL/PLAIN-specific value syntax and edge cases.
   
   So I’d like to discuss which direction we prefer:
   1. Treat the whole `security.sasl.plain.credentials` value as sensitive and 
mask it entirely.
   2. Add special handling for this key to expose usernames but mask passwords.
   3. Keep config display generic, and if listing SASL/PLAIN users is needed, 
add a dedicated user-management/list-users API later.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to