FE print token in FE log

[xyllq999]

FE will print token in fe log。

I have two options to solve this problem, either by including a function at each location where the uri is printed and masking the token field. Or change GET to POST to solve the problem completely, but this UT is not very easy to rewrite. Would you like to ask what you think of this? @kevincai

StarRocks version (Required)

3.2.0+ and more

[xyllq999]

I've done the modification to POST in the internal code, and it works perfectly. But I don't seem to be able to fulfill the community's requirements for UT. Which way do you think is better? If you adopt POST, please help solve the UT problem, thank you very much. @kevincai

[kevincai]

please connect the PR this issue

[xyllq999]

please connect the PR this issue

So is it the way to mention POST or which way? Personally, I prefer the modification of the POST mode.

[kevincai]

it is better to eliminate the token, turn to signature validation, no matter it is a get or post.

That is:

client: sign the url with the token, generate a signature and append the signature as a query parameter. server: use the token to generate the signature again, if the signature matches the one in query url, the validation passed, otherwise reject the request.

This way the token will be never transfterred in wire in plaintext.

[xyllq999]

it is better to eliminate the token, turn to signature validation, no matter it is a get or post.

That is:

client: sign the url with the token, generate a signature and append the signature as a query parameter. server: use the token to generate the signature again, if the signature matches the one in query url, the validation passed, otherwise reject the request.

This way the token will be never transfterred in wire in plaintext.

You have a good point. However, I think that such a change is too big for a PR, and I may not be able to complete the change perfectly and ensure the compatibility of upgrades and downgrades. Therefore, I wonder if I can change the mode to POST to prevent tokens from being printed in plaintext in logs. As for the plaintext transmission problem, we have transformed HTTP into HTTPS internally. However, this code cannot be contributed to the community. We use our own encryption and decryption.

[kevincai]

It will also introduce compatibility between upgrade and downgrade by changing from GET to POST. The compatibility issue can't be avoided either way.

[xyllq999]

It will also introduce compatibility between upgrade and downgrade by changing from GET to POST. The compatibility issue can't be avoided either way.

Internal heartbeat interfaces are not sensed by external invoking. Why is there a compatibility problem?

[xyllq999]

It will also introduce compatibility between upgrade and downgrade by changing from GET to POST. The compatibility issue can't be avoided either way.

So do you prefer to call a function that shields tokens where the URL is printed?

[kevincai]

It will also introduce compatibility between upgrade and downgrade by changing from GET to POST. The compatibility issue can't be avoided either way.

Internal heartbeat interfaces are not sensed by external invoking. Why is there a compatibility problem?

during the upgrade/downgrade in a HA cluster, the new leader can't probe the follower in older version, which leads to wrong state/aliveness judgement.

[kevincai]

It will also introduce compatibility between upgrade and downgrade by changing from GET to POST. The compatibility issue can't be avoided either way.

So do you prefer to call a function that shields tokens where the URL is printed?

If it can't be eliminated at all for now, just mask it as a lazy workaround.

[xyllq999]

It will also introduce compatibility between upgrade and downgrade by changing from GET to POST. The compatibility issue can't be avoided either way.

So do you prefer to call a function that shields tokens where the URL is printed?

If it can't be eliminated at all for now, just mask it as a lazy workaround.

Know what you mean, thanks for answering my questions, and I'll submit my code as soon as possible.