> On June 30, 2016, 2:32 p.m., Joerg Schad wrote:
> > src/master/http.cpp, line 1505
> > <https://reviews.apache.org/r/49394/diff/3/?file=1434090#file1434090line1505>
> >
> >     Could we potentially expose sensitive information in the error message?
> >     If so, let us use a generic "Could not ..." error message

This issue has been raised in the past (by myself actually); our pattern, however, is to expose this information.

> On June 30, 2016, 2:32 p.m., Joerg Schad wrote:
> > src/master/http.cpp, line 1580
> > <https://reviews.apache.org/r/49394/diff/3/?file=1434090#file1434090line1580>
> >
> >     serialize(
> >         contentType,
> >         evolve<v1::master::Response::GET_FLAGS>(flags.get())),
> >         stringify(contentType));

Your suggested formatting implies that `stringify(contentType)` is part of serialize, which is a wrong assumption; in fact the current formatting clarifies what actually happens.

- Alexander

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/49394/#review140141
-----------------------------------------------------------

On June 30, 2016, 1:34 p.m., Alexander Rojas wrote:
>
> (Updated June 30, 2016, 1:34 p.m.)
>
>
> Review request for mesos, Adam B and Vinod Kone.
>
>
> Repository: mesos
>
>
> Description
> -------
>
> Adds an intermediate function `Master::http::_flags()` which performs
> authorization and it is called by both the endpoint `/flags` handler
> and the HTTP API v1 call `flags` handler.
>
>
> Diffs
> -----
>
>   src/master/http.cpp e5acdb8e0bbcd7a2b7e8a8bc7f4bbeaae2c4fea1
>   src/master/master.hpp e2ab2110fe5a287ab16ac9ef4222fed633e02ebe
>
> Diff: https://reviews.apache.org/r/49394/diff/
>
>
> Testing
> -------
>
> make check
>
>
> Thanks,
>
> Alexander Rojas
>
>
