Caideyipi commented on PR #17981:
URL: https://github.com/apache/iotdb/pull/17981#issuecomment-4737774858

   I found two issues that still look worth fixing:
   
   1. `PipeSinkSubtaskManager` now restores the raw `attributeSortedString` 
into the internal `taskID`, which is needed for compatibility, but the same raw 
string is also passed into `PipeSinkSubtask` and later returned by 
`getAttributeSortedString()`. That value is used as the metrics `Tag.NAME` in 
`PipeDataRegionSinkMetrics` and `PipeSchemaRegionSinkMetrics`, so secrets such 
as `sink.scp.password=...` or `sink.ssl.trust-store-pwd=...` can still be 
exposed through metric labels. Please keep the raw id only for internal 
map/executor keys, and use the display/sanitized attribute string for metric 
labels.
   
   2. `PipeSubtaskExecutor#getSafeSubtaskStr` is still used on the 
`SUBTASK_NOT_REGISTERED` fallback paths and only masks `password=...`. With the 
raw sink `taskID`, this can still log sensitive keys covered by 
`PipeParameters.ValueHider`, for example `ssl.trust-store-pwd`. It would be 
better to reuse the same hiding rule as `ValueHider`, or avoid logging raw ids 
in those fallback paths.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to