*From: *Zellyn Hunter <zel...@gmail.com> *Date: *Mon, May 13, 2019 at 8:16 AM *To: *Adam Cozzette *Cc: *Josh Humphries, Protocol Buffers
On Fri, May 10, 2019 at 6:06 PM Adam Cozzette <acozze...@google.com> wrote: > >> I asked for feedback about this proposal within Google and unfortunately >> it sounds like there's not a lot of support for accepting this kind of >> change. The general feedback I got was that it's best to simply avoid >> printing out any protos at all if they might contain sensitive information. >> This kind of feature might provide a false sense of security and encourage >> developers to print out protos that haven't necessarily been fully >> annotated with the sensitive field option. There was some agreement that in >> Java it is particularly easy to print stringified protos by accident, but >> it seems that ideally we would want to disable that behavior entirely >> rather than redacting particular fields. >> > > For what it's worth, when discussing this before, some folks on the > Protobuf Team mentioned that the parts of Google that deal with financial > transactions actually have something similar to our proposal. Or at least > something that accomplishes the same goal. > That is true, but from what I understand that solution is a bit different. It is built as libraries and tools on top of protobuf, so while it has the advantage of not needing access to protobuf internals, it doesn't really prevent accidental stringification the same way. You would have to call a library function to sanitize a message, so this would not just happen automatically. -- You received this message because you are subscribed to the Google Groups "Protocol Buffers" group. To unsubscribe from this group and stop receiving emails from it, send an email to protobuf+unsubscr...@googlegroups.com. To post to this group, send email to protobuf@googlegroups.com. Visit this group at https://groups.google.com/group/protobuf. To view this discussion on the web visit https://groups.google.com/d/msgid/protobuf/CADqAXr6r1k%3Dr46ZS2-gGHd7TEQc1wh0OjQM8rRMMyYo3R2r8yA%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
