[Standards] eventlogging xeps
uolevi at gmail.com
Tue Dec 10 17:37:22 UTC 2013
Section 7.3.2 Publish/Subscribe describes: "Event messages could be
published using Publish-Subscribe. But, even more care should be taken
to log only information that can be published openly. If there's risk
for sensitive information to be logged, the publish/subscribe pattern
should be avoided."

If information is sensitive, the information should not be logged, as
said in 7.2. Do you mean that if sensitive information is still sent
using pubsub, there are more actors (pubsub server, subscribers) that
might log and/or leak the sensitive information and because of that
the pubsub pattern should be avoided?

Would it be wise to move the second line "But, even more care should
be taken to log only information that can be published openly.", e.g.,
to section 7.2, because it relates also to other cases than pubsub?

Could the last sentence be something more like: "If there's risk for
sensitive information to be logged, the publish/subscribe pattern
should be avoided in systems that contain any not trusted or any
uncontrolled actors." That is because we could have a setup where we
have a trusted pubsub server and we log (also) sensitive information
in several trusted subscribers/loggers.