obfuscation as default
John Gerth
gerth at graphics.stanford.edu
Wed Jan 18 19:03:55 EST 2012
Elof's logic is sound. I'm for keeping obfuscation as the default
and if the documentation is updated, I'm not sure how much
emitting a message on stderr is worth.
Just my 2 cents....not trying to muddy the obfuscation waters,
/J
On 1/18/12 3:58 PM, Carter Bullard wrote:
> OK, the count is now 2 - 2. The issue is valid, that we should not set
> incorrect expectations. We could print a warning to stderr, that ra.1
> obfuscated content?
>
> Carter
>
>
> On Jan 18, 2012, at 6:21 AM, elof2 at sentor.se wrote:
>
>>
>> First I thought like CS Lee, that it was backwards to obfuscate without asking for it on the commandline. That's why I reported it to the list in the first place.
>>
>> Though, once Carter explained that the default was to obfuscate, to protect and prevent from accidental copy and paste of sensitive data into e.g. an email, I changed my mind.
>> That is a cheap and simple protection from human mistakes that can get really embarrising/awkward if one paste the wrong data to e.g. a mailinglist.
>>
>> So I vote for the Carter approach. Obfuscate in the clients by default and use -x to reveal the real data.
>>
>> The real problem is that this was an undocumented feature. Once it's a known default (the new man pages), I only see benefits with the default obfuscation.
>>
>>
>> Regarding that there are sensitive data in the binary argus file... It contain so much sensitive data that I always treat it as highly sensitive.
>> I would think three or four times before sending an argus-logfile to e.g. a mailinglist, while a simple copy and paste of some ra output could possibly slip by.
>>
>> /Elof
>>
>>
More information about the argus
mailing list