From: "Gabriel Goller" <g.goller@proxmox.com>
To: "Christian Ebner" <c.ebner@proxmox.com>,
"Proxmox Backup Server development discussion"
<pbs-devel@lists.proxmox.com>
Subject: Re: [pbs-devel] [PATCH v4 proxmox{, -backup} 0/2] close #4763: client: added command to forget backup group
Date: Thu, 18 Apr 2024 13:49:47 +0200 [thread overview]
Message-ID: <D0N84Z1PG1XJ.2BVOZ5OIIB5PN@proxmox.com> (raw)
In-Reply-To: <0cd4ba97-d69e-41e2-b0e0-b36272f50b1d@proxmox.com>
On Thu Apr 18, 2024 at 12:24 PM CEST, Christian Ebner wrote:
> >> When one tries to delete a non existing group, the dialog asks me for
> >> confirmation, failing however afterwards with an error message, leaking
> >> also the datastore path to the client. While the former is not an issue
> >> and the intention is to be able to remove empty groups, the latter is
> >> not okay in my opinion.
> >> So either check if the group even exists before asking for confirmation,
> >> or map the error to not leak the datastore path.
> >
> > The thing is that we don't differentiate between an empty group or a
> > nonexistent group — at least when using the api. This means that even
> > the list-groups api call will **not** return a group if it doesn't contain
> > any snapshots, but deleting it will succeed (because it still exists) >
> > What we can do is obviously ignore the error message and simply return a
> > generic "failed to remove group" or "group not found" to avoid leaking
> > stuff. Although debugging a issue will be much harder with these vague
> > error messages.
> >
> > IMO leaking the datastore is not a big issue, as the client can also
> > list task logs and the datastore path is going to be visible in there as
> > well.
>
> It is not a big issue, agreed, but nevertheless an information leak. But
> you are right, the task log does contain that information as well, so
> there is at least no additional information here. Given that, this is
> fine I guess.
As this particular error (group not found) is very common, I added a
branch that matches this error and rephrases it without the datastore
path.
Submitted a new version!
_______________________________________________
pbs-devel mailing list
pbs-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pbs-devel
prev parent reply other threads:[~2024-04-18 11:50 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-12-07 12:51 Gabriel Goller
2023-12-07 12:51 ` [pbs-devel] [PATCH v4 proxmox 1/2] router: cli: added `ask_for_confirmation` helper Gabriel Goller
2023-12-07 12:51 ` [pbs-devel] [PATCH v4 proxmox-backup 2/2] close #4763: client: added command to forget backup group Gabriel Goller
2024-04-09 9:02 ` [pbs-devel] [PATCH v4 proxmox{, -backup} 0/2] " Gabriel Goller
2024-04-17 14:15 ` Christian Ebner
2024-04-17 14:26 ` Christian Ebner
2024-04-18 9:13 ` Gabriel Goller
2024-04-18 10:24 ` Christian Ebner
2024-04-18 11:49 ` Gabriel Goller [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=D0N84Z1PG1XJ.2BVOZ5OIIB5PN@proxmox.com \
--to=g.goller@proxmox.com \
--cc=c.ebner@proxmox.com \
--cc=pbs-devel@lists.proxmox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.