hi chetan

please don't expose any information in the exception nor in the log files that was not accessible otherwise to the user. not even item names.

thanks
angela

On 9/12/13 6:56 AM, "Chetan Mehrotra" <[email protected]> wrote:

>Hi,
>
>As part of OAK-943 I had updated the ConflictValidator [1] to more
>more details around Commit Failure. However exposing such details as
>part of exception was considered risky from security aspect and it was
>decided to log a warning instead.
>
>Now in some cases the upper layer do expect a CommitFailedException
>have required logic to retry the commit in case of failure. In such
>cases these warning logs cause confusion.
>
>So not sure what is the best thing to do. Should I turn the log to
>debug level or make details part of exception message?
>
>Making it part of warn level would cause issue as such situations are
>not very repetitive and users typically run system at INFO level.
>
>If I make it part of exception message is then max it would expose
>presence of some property names (not their values). And in most cases
>the exception is not exposed to end user and is logged to system logs.
>So probably we can make it part of exception message itself
>
>
>[1]
>https://github.com/apache/jackrabbit-oak/blob/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/plugins/commit/ConflictValidator.java#L90
>
>Chetan Mehrotra
