Itamar Heim has posted comments on this change.

Change subject: core: user level queries - filtered entities
......................................................................


Patch Set 5: (1 inline comment)

....................................................
File backend/manager/dbscripts/upgrade/pre_upgrade/add_object_column_white_list_table.sql
Line 39:        column_name not in ('pm_enabled','pm_user','pm_password','pm_port','pm_options'));
1. You are writing code that makes assumptions on how it is used, and will fail 
someone should they move or re-use it in the future.
Also, someone looking at this patch cannot say for sure which fields you meant 
to add.

2. There are fields which are a clear security issue, like the PM fields. There 
are other fields which cause information leakage, but less severe (say, host 
interface collection should not be returned to user probably).
So the question is, for the infra type of entities, how do we expose only that 
which is a must?

--
To view, visit http://gerrit.ovirt.org/4469
To unsubscribe, visit http://gerrit.ovirt.org/settings

Gerrit-MessageType: comment
Gerrit-Change-Id: If68b290aaacc0eea5d117ef64536cbf94d195cee
Gerrit-PatchSet: 5
Gerrit-Project: ovirt-engine
Gerrit-Branch: master
Gerrit-Owner: Eli Mesika <emes...@redhat.com>
Gerrit-Reviewer: Allon Mureinik <amure...@redhat.com>
Gerrit-Reviewer: Eli Mesika <emes...@redhat.com>
Gerrit-Reviewer: Itamar Heim <ih...@redhat.com>
Gerrit-Reviewer: Yair Zaslavsky <yzasl...@redhat.com>
_______________________________________________
Engine-patches mailing list
Engine-patches@ovirt.org
http://lists.ovirt.org/mailman/listinfo/engine-patches
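
The concern in point 1 of the comment above, as an added example that is not
part of the original message or of ovirt-engine: a white list derived as
"every column except the PM ones" grows silently when the schema changes, while
a list of named columns does not. It uses SQLite in place of the PostgreSQL
upgrade script; the table host_example, the column console_secret and the
EXPLICIT_ALLOW set are hypothetical.

```python
import sqlite3

# PM columns excluded by the reviewed line 39.
PM_COLUMNS = {"pm_enabled", "pm_user", "pm_password", "pm_port", "pm_options"}
# Hypothetical explicit list: each user-visible column is named and reviewable.
EXPLICIT_ALLOW = {"host_id", "host_name", "status"}


def table_columns(conn, table):
    """Column names of a table, read from SQLite's catalog."""
    rows = conn.execute("SELECT name FROM pragma_table_info(?)", (table,))
    return [r[0] for r in rows]


def derived_white_list(conn, table):
    """'Everything except the PM columns': the pattern the comment objects to."""
    return {c for c in table_columns(conn, table) if c not in PM_COLUMNS}


def explicit_white_list(conn, table):
    """Only columns that were named on purpose; anything new stays hidden."""
    return {c for c in table_columns(conn, table) if c in EXPLICIT_ALLOW}


def run_demo():
    conn = sqlite3.connect(":memory:")
    # Constructed schema, not the real ovirt-engine table.
    conn.execute(
        "CREATE TABLE host_example (host_id TEXT, host_name TEXT, status INTEGER,"
        " pm_enabled INTEGER, pm_user TEXT, pm_password TEXT,"
        " pm_port INTEGER, pm_options TEXT)"
    )
    before = derived_white_list(conn, "host_example")
    # A later schema change adds a sensitive column (hypothetical name) that
    # nobody remembered to append to the exclusion list.
    conn.execute("ALTER TABLE host_example ADD COLUMN console_secret TEXT")
    after_derived = derived_white_list(conn, "host_example")
    after_explicit = explicit_white_list(conn, "host_example")
    conn.close()
    return before, after_derived, after_explicit


if __name__ == "__main__":
    before, after_derived, after_explicit = run_demo()
    print("derived, before:", sorted(before))
    print("derived, after: ", sorted(after_derived))
    print("explicit, after:", sorted(after_explicit))
```
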
