Don't expose data in data containers' default toString()

Description

Unlike driver 3, driver 4's Row.toString() doesn't output the values.

The rationale is security; it makes it too easy to accidentally leak data in application logs:

(think SSN, banking info...)

I think we can still expose a pretty-print method (a few people have already inquired about it), but it should be under a specific name (suggestion: getFormattedContents()), so that using it is a conscious effort.

We should also set guardrails for large blobs / strings, etc. Let's keep it simple and hard-code some sensible limits (no RowContentsFormattingFactory please).

Explain the security concerns in getFormattedContents's javadocs. Redeclare toString on the interfaces, only to override the javadocs and explain that it does not print the data, and link to getFormattedContents.

Arguably we should do the same for UdtValue and TupleValue (currently they print the data).

Environment

None

Pull Requests

None

Status

Assignee

Olivier Michallat

Reporter

Olivier Michallat

Labels

PM Priority

None

Affects versions

None

Fix versions

Pull Request

None

Doc Impact

None

Size

None

External issue ID

None

External issue ID

None

Priority

Minor
Configure