Posted to commits@brooklyn.apache.org by he...@apache.org on 2021/10/04 09:54:16 UTC

[brooklyn-docs] branch master updated: tidy grammar and clarity for sensitive-field blocking

This is an automated email from the ASF dual-hosted git repository.

heneveld pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/brooklyn-docs.git


The following commit(s) were added to refs/heads/master by this push:
     new dae1171  tidy grammar and clarity for sensitive-field blocking
dae1171 is described below

commit dae1171d62b0992415c7bdcc7e01dd3b69924911
Author: Alex Heneveld <al...@cloudsoftcorp.com>
AuthorDate: Mon Oct 4 10:53:09 2021 +0100

    tidy grammar and clarity for sensitive-field blocking
---
 guide/ops/security-guidelines.md | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/guide/ops/security-guidelines.md b/guide/ops/security-guidelines.md
index b55d857..43d4bdc 100644
--- a/guide/ops/security-guidelines.md
+++ b/guide/ops/security-guidelines.md
@@ -167,9 +167,12 @@ This does not apply to default values specified for parameters or to values supp
 as it is expected in these contexts that users are less likely to accidentally supply sensitive values in plaintext.
 
 All functions and complex objects, including mechanisms such as `$brooklyn:literal("value")` (to escape at design-time
-and evaluate as `value` at runtime). It can optionally be further restricted to exclude DSL values and complex objects
-whose string representation (unresolved) contains selected tokens or phrases. For example to prevent the usage of
-the `literal` DSL function anywhere in a supplied expression, the following setting can be used: 
+and evaluate as `value` at runtime), are permitted as values. 
+Sensitive field blocking can optionally be further restricted to exclude selected DSL values and complex objects
+where the string representation (unresolved `toString`) contains selected tokens or phrases, by using the
+`brooklyn.security.sensitive.fields.ext.blocked.phrases` configuration property.
+For example to prevent the usage of the `literal` DSL function anywhere in a supplied expression, 
+the following setting can be used: 
 
 ```
 brooklyn.security.sensitive.fields.ext.blocked.phrases = [ "$brooklyn:literal" ]
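
Review bot: The added sentence starting "Sensitive field blocking can optionally be further restricted to exclude selected DSL values" is ambiguous. "Restricted to exclude" can be read as either narrowing or widening what is blocked, and "selected" appears twice in the one sentence. Suggest stating the effect directly, for example: "DSL values and complex objects can additionally be blocked where their unresolved `toString` contains any phrase listed in `brooklyn.security.sensitive.fields.ext.blocked.phrases`." Since the text only says "contains", it would also help operators to state whether the phrase match is case-sensitive, so they know how exact an entry such as "$brooklyn:literal" has to be. Minor: the added lines ending "are permitted as values.", "in a supplied expression," and "can be used:" carry trailing whitespace, and "For example" should be followed by a comma.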