Re: svn commit: r1791346 - /ofbiz/ofbiz-framework/trunk/framework/base/src/main/java/org/apache/ofbiz/base/util/UtilHttp.java

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

Re: svn commit: r1791346 - /ofbiz/ofbiz-framework/trunk/framework/base/src/main/java/org/apache/ofbiz/base/util/UtilHttp.java

taher
It is usually bad practice to comment out code as discussed in other
threads. I recommend either keeping or deleting that bit of code.

On Apr 14, 2017 2:04 PM, <[hidden email]> wrote:

> Author: jleroux
> Date: Fri Apr 14 11:04:04 2017
> New Revision: 1791346
>
> URL: http://svn.apache.org/viewvc?rev=1791346&view=rev
> Log:
> Fixed: On setting verbose true, UtilHttp.getParameterMap() method prints
> username and password in logs
> (OFBIZ-9310)
>
> In UtilHttp.getParameterMap(HttpServletRequest request, Set<? extends
> String>...
> method, following line of code prints username and password in logs when
> verbose
>  is set to true.
>
> Debug.logVerbose("Request Parameter Map Entries: " +
> System.getProperty("line.separator") + UtilMisc.printMap(paramMap),
> module);
>
> Aditya suggested:
> Removed the line that prints "Request Parameter Map Entries" as it may
> print
> username and password entered by user when verbose set to true.
> It may not be a grave concern for staging environment as verbose are not
> logged
> there but it is still unethical to print such details.
>
> jleroux: I decided to rather comment out the line which might still be
> useful
> in some cases...
>
> Thanks: Aditya Sharma
>
> Modified:
>     ofbiz/ofbiz-framework/trunk/framework/base/src/main/java/
> org/apache/ofbiz/base/util/UtilHttp.java
>
> Modified: ofbiz/ofbiz-framework/trunk/framework/base/src/main/java/
> org/apache/ofbiz/base/util/UtilHttp.java
> URL: http://svn.apache.org/viewvc/ofbiz/ofbiz-framework/trunk/
> framework/base/src/main/java/org/apache/ofbiz/base/util/
> UtilHttp.java?rev=1791346&r1=1791345&r2=1791346&view=diff
> ============================================================
> ==================
> --- ofbiz/ofbiz-framework/trunk/framework/base/src/main/java/
> org/apache/ofbiz/base/util/UtilHttp.java (original)
> +++ ofbiz/ofbiz-framework/trunk/framework/base/src/main/java/
> org/apache/ofbiz/base/util/UtilHttp.java Fri Apr 14 11:04:04 2017
> @@ -158,7 +158,7 @@ public final class UtilHttp {
>
>          if (Debug.verboseOn()) {
>              Debug.logVerbose("Made Request Parameter Map with [" +
> paramMap.size() + "] Entries", module);
> -            Debug.logVerbose("Request Parameter Map Entries: " +
> System.getProperty("line.separator") + UtilMisc.printMap(paramMap),
> module);
> +            //Debug.logVerbose("Request Parameter Map Entries: " +
> System.getProperty("line.separator") + UtilMisc.printMap(paramMap),
> module); see OFBIZ-9310
>          }
>
>          return canonicalizeParameterMap(paramMap);
>
>
>
Reply | Threaded
Open this post in threaded view
|

Re: svn commit: r1791346 - /ofbiz/ofbiz-framework/trunk/framework/base/src/main/java/org/apache/ofbiz/ base/util/UtilHttp.java

Jacques Le Roux
Administrator
This is a particular case as explained in the commit

Jacques


Le 14/04/2017 à 13:27, Taher Alkhateeb a écrit :

> It is usually bad practice to comment out code as discussed in other
> threads. I recommend either keeping or deleting that bit of code.
>
> On Apr 14, 2017 2:04 PM, <[hidden email]> wrote:
>
>> Author: jleroux
>> Date: Fri Apr 14 11:04:04 2017
>> New Revision: 1791346
>>
>> URL: http://svn.apache.org/viewvc?rev=1791346&view=rev
>> Log:
>> Fixed: On setting verbose true, UtilHttp.getParameterMap() method prints
>> username and password in logs
>> (OFBIZ-9310)
>>
>> In UtilHttp.getParameterMap(HttpServletRequest request, Set<? extends
>> String>...
>> method, following line of code prints username and password in logs when
>> verbose
>>   is set to true.
>>
>> Debug.logVerbose("Request Parameter Map Entries: " +
>> System.getProperty("line.separator") + UtilMisc.printMap(paramMap),
>> module);
>>
>> Aditya suggested:
>> Removed the line that prints "Request Parameter Map Entries" as it may
>> print
>> username and password entered by user when verbose set to true.
>> It may not be a grave concern for staging environment as verbose are not
>> logged
>> there but it is still unethical to print such details.
>>
>> jleroux: I decided to rather comment out the line which might still be
>> useful
>> in some cases...
>>
>> Thanks: Aditya Sharma
>>
>> Modified:
>>      ofbiz/ofbiz-framework/trunk/framework/base/src/main/java/
>> org/apache/ofbiz/base/util/UtilHttp.java
>>
>> Modified: ofbiz/ofbiz-framework/trunk/framework/base/src/main/java/
>> org/apache/ofbiz/base/util/UtilHttp.java
>> URL: http://svn.apache.org/viewvc/ofbiz/ofbiz-framework/trunk/
>> framework/base/src/main/java/org/apache/ofbiz/base/util/
>> UtilHttp.java?rev=1791346&r1=1791345&r2=1791346&view=diff
>> ============================================================
>> ==================
>> --- ofbiz/ofbiz-framework/trunk/framework/base/src/main/java/
>> org/apache/ofbiz/base/util/UtilHttp.java (original)
>> +++ ofbiz/ofbiz-framework/trunk/framework/base/src/main/java/
>> org/apache/ofbiz/base/util/UtilHttp.java Fri Apr 14 11:04:04 2017
>> @@ -158,7 +158,7 @@ public final class UtilHttp {
>>
>>           if (Debug.verboseOn()) {
>>               Debug.logVerbose("Made Request Parameter Map with [" +
>> paramMap.size() + "] Entries", module);
>> -            Debug.logVerbose("Request Parameter Map Entries: " +
>> System.getProperty("line.separator") + UtilMisc.printMap(paramMap),
>> module);
>> +            //Debug.logVerbose("Request Parameter Map Entries: " +
>> System.getProperty("line.separator") + UtilMisc.printMap(paramMap),
>> module); see OFBIZ-9310
>>           }
>>
>>           return canonicalizeParameterMap(paramMap);
>>
>>
>>

Reply | Threaded
Open this post in threaded view
|

Re: svn commit: r1791346 - /ofbiz/ofbiz-framework/trunk/framework/base/src/main/java/org/apache/ofbiz/ base/util/UtilHttp.java

taher
To my understanding all commented out code is commented out because it
"might still be useful". And if something "might be useful" then you can
always find it in source control. There is no specific reason that I saw in
your comment beyond "might be useful" to warrant keeping it as far as I
read.

On Apr 14, 2017 2:36 PM, "Jacques Le Roux" <[hidden email]>
wrote:

This is a particular case as explained in the commit

Jacques



Le 14/04/2017 à 13:27, Taher Alkhateeb a écrit :

> It is usually bad practice to comment out code as discussed in other
> threads. I recommend either keeping or deleting that bit of code.
>
> On Apr 14, 2017 2:04 PM, <[hidden email]> wrote:
>
> Author: jleroux
>> Date: Fri Apr 14 11:04:04 2017
>> New Revision: 1791346
>>
>> URL: http://svn.apache.org/viewvc?rev=1791346&view=rev
>> Log:
>> Fixed: On setting verbose true, UtilHttp.getParameterMap() method prints
>> username and password in logs
>> (OFBIZ-9310)
>>
>> In UtilHttp.getParameterMap(HttpServletRequest request, Set<? extends
>> String>...
>> method, following line of code prints username and password in logs when
>> verbose
>>   is set to true.
>>
>> Debug.logVerbose("Request Parameter Map Entries: " +
>> System.getProperty("line.separator") + UtilMisc.printMap(paramMap),
>> module);
>>
>> Aditya suggested:
>> Removed the line that prints "Request Parameter Map Entries" as it may
>> print
>> username and password entered by user when verbose set to true.
>> It may not be a grave concern for staging environment as verbose are not
>> logged
>> there but it is still unethical to print such details.
>>
>> jleroux: I decided to rather comment out the line which might still be
>> useful
>> in some cases...
>>
>> Thanks: Aditya Sharma
>>
>> Modified:
>>      ofbiz/ofbiz-framework/trunk/framework/base/src/main/java/
>> org/apache/ofbiz/base/util/UtilHttp.java
>>
>> Modified: ofbiz/ofbiz-framework/trunk/framework/base/src/main/java/
>> org/apache/ofbiz/base/util/UtilHttp.java
>> URL: http://svn.apache.org/viewvc/ofbiz/ofbiz-framework/trunk/
>> framework/base/src/main/java/org/apache/ofbiz/base/util/
>> UtilHttp.java?rev=1791346&r1=1791345&r2=1791346&view=diff
>> ============================================================
>> ==================
>> --- ofbiz/ofbiz-framework/trunk/framework/base/src/main/java/
>> org/apache/ofbiz/base/util/UtilHttp.java (original)
>> +++ ofbiz/ofbiz-framework/trunk/framework/base/src/main/java/
>> org/apache/ofbiz/base/util/UtilHttp.java Fri Apr 14 11:04:04 2017
>> @@ -158,7 +158,7 @@ public final class UtilHttp {
>>
>>           if (Debug.verboseOn()) {
>>               Debug.logVerbose("Made Request Parameter Map with [" +
>> paramMap.size() + "] Entries", module);
>> -            Debug.logVerbose("Request Parameter Map Entries: " +
>> System.getProperty("line.separator") + UtilMisc.printMap(paramMap),
>> module);
>> +            //Debug.logVerbose("Request Parameter Map Entries: " +
>> System.getProperty("line.separator") + UtilMisc.printMap(paramMap),
>> module); see OFBIZ-9310
>>           }
>>
>>           return canonicalizeParameterMap(paramMap);
>>
>>
>>
>>
Reply | Threaded
Open this post in threaded view
|

Re: svn commit: r1791346 - /ofbiz/ofbiz-framework/trunk/framework/base/src/main/java/org/apache/ofbiz/ base/util/UtilHttp.java

Jacques Le Roux
Administrator
Because you can't easily retrieve a such line from history if you don't know it existed, having it ready is handy.

I agree with the idea of removing superfluous lines in general, but there can be exceptions in rules, this is one.

This said if you really feel a need to remove it, I let your scratch your itch :)

Jacques


Le 14/04/2017 à 13:55, Taher Alkhateeb a écrit :

> To my understanding all commented out code is commented out because it
> "might still be useful". And if something "might be useful" then you can
> always find it in source control. There is no specific reason that I saw in
> your comment beyond "might be useful" to warrant keeping it as far as I
> read.
>
> On Apr 14, 2017 2:36 PM, "Jacques Le Roux" <[hidden email]>
> wrote:
>
> This is a particular case as explained in the commit
>
> Jacques
>
>
>
> Le 14/04/2017 à 13:27, Taher Alkhateeb a écrit :
>
>> It is usually bad practice to comment out code as discussed in other
>> threads. I recommend either keeping or deleting that bit of code.
>>
>> On Apr 14, 2017 2:04 PM, <[hidden email]> wrote:
>>
>> Author: jleroux
>>> Date: Fri Apr 14 11:04:04 2017
>>> New Revision: 1791346
>>>
>>> URL: http://svn.apache.org/viewvc?rev=1791346&view=rev
>>> Log:
>>> Fixed: On setting verbose true, UtilHttp.getParameterMap() method prints
>>> username and password in logs
>>> (OFBIZ-9310)
>>>
>>> In UtilHttp.getParameterMap(HttpServletRequest request, Set<? extends
>>> String>...
>>> method, following line of code prints username and password in logs when
>>> verbose
>>>    is set to true.
>>>
>>> Debug.logVerbose("Request Parameter Map Entries: " +
>>> System.getProperty("line.separator") + UtilMisc.printMap(paramMap),
>>> module);
>>>
>>> Aditya suggested:
>>> Removed the line that prints "Request Parameter Map Entries" as it may
>>> print
>>> username and password entered by user when verbose set to true.
>>> It may not be a grave concern for staging environment as verbose are not
>>> logged
>>> there but it is still unethical to print such details.
>>>
>>> jleroux: I decided to rather comment out the line which might still be
>>> useful
>>> in some cases...
>>>
>>> Thanks: Aditya Sharma
>>>
>>> Modified:
>>>       ofbiz/ofbiz-framework/trunk/framework/base/src/main/java/
>>> org/apache/ofbiz/base/util/UtilHttp.java
>>>
>>> Modified: ofbiz/ofbiz-framework/trunk/framework/base/src/main/java/
>>> org/apache/ofbiz/base/util/UtilHttp.java
>>> URL: http://svn.apache.org/viewvc/ofbiz/ofbiz-framework/trunk/
>>> framework/base/src/main/java/org/apache/ofbiz/base/util/
>>> UtilHttp.java?rev=1791346&r1=1791345&r2=1791346&view=diff
>>> ============================================================
>>> ==================
>>> --- ofbiz/ofbiz-framework/trunk/framework/base/src/main/java/
>>> org/apache/ofbiz/base/util/UtilHttp.java (original)
>>> +++ ofbiz/ofbiz-framework/trunk/framework/base/src/main/java/
>>> org/apache/ofbiz/base/util/UtilHttp.java Fri Apr 14 11:04:04 2017
>>> @@ -158,7 +158,7 @@ public final class UtilHttp {
>>>
>>>            if (Debug.verboseOn()) {
>>>                Debug.logVerbose("Made Request Parameter Map with [" +
>>> paramMap.size() + "] Entries", module);
>>> -            Debug.logVerbose("Request Parameter Map Entries: " +
>>> System.getProperty("line.separator") + UtilMisc.printMap(paramMap),
>>> module);
>>> +            //Debug.logVerbose("Request Parameter Map Entries: " +
>>> System.getProperty("line.separator") + UtilMisc.printMap(paramMap),
>>> module); see OFBIZ-9310
>>>            }
>>>
>>>            return canonicalizeParameterMap(paramMap);
>>>
>>>
>>>
>>>