Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Obfuscate event tracing #3674

Closed
monetdb-team opened this issue Nov 30, 2020 · 0 comments
Closed

Obfuscate event tracing #3674

monetdb-team opened this issue Nov 30, 2020 · 0 comments

Comments

@monetdb-team
Copy link

@monetdb-team monetdb-team commented Nov 30, 2020

Date: 2015-02-22 21:50:18 +0100
From: @mlkersten
To: MonetDB5 devs <>
Version: 11.17.21 (Jan2014-SP3)

Last updated: 2015-08-28 13:42:01 +0200

Comment 20670

Date: 2015-02-22 21:50:18 +0100
From: @mlkersten

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:35.0) Gecko/20100101 Firefox/35.0
Build Identifier:

The performance event stream contains all the details of the actions against the database. Every eligible MonetDB user can grab this stream and thereby compromise privacy.
It would make sense to limit this feature to the database administrator, who, using e.g. the Tachograph web-service makes this information accessible to selective users.

Reproducible: Always

Comment 20987

Date: 2015-07-09 21:53:44 +0200
From: @mlkersten

The MAL profiler only emits events from the user initiating the profiling request. This greatly reduces the security leak while still allowing users to
study the performance of queries.
Currently, any user can at any time 'steal' the profiling stream.

Comment 21198

Date: 2015-08-28 13:42:01 +0200
From: @sjoerdmullender

Jul2015 has been released.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
1 participant