Re: [PR] add broker config options for sql log redaction [pinot]

via GitHub Sun, 31 May 2026 05:19:41 -0700


xiangfu0 commented on PR #18604:
URL: https://github.com/apache/pinot/pull/18604#issuecomment-4586665937


   The SQL redaction pass still appears incomplete for the single-stage RLS 
path. `BaseSingleStageBrokerRequestHandler.applyRlsFilters()` still logs 
`LOGGER.debug("Applied RLS filters ... {}", query)` with the raw SQL, so 
`sqlRedaction=full` or `literal_values` can still leak unredacted query text on 
real RLS-protected requests. That debug log needs to go through 
`_queryLogger.redactQuery(query, requestContext.getQueryFingerprint())` as well.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Re: [PR] add broker config options for sql log redaction [pinot]

Reply via email to