Examples: Review todoapp-mvc server for UnsafeEntityLogging secure default (#446) #480

Description

@adrianhall

Summary

v10.1.0 adds the UnsafeEntityLogging option to TableControllerOptions (see #446). When false (the new default) only the entity ID is logged at Information level and the full serialized entity is never written to the logs; when true the full serialized entity is logged at Debug.

This sample is not the docs-tutorial walkthrough (it is the TodoMVC sample referenced from the server/client tutorials), so it should keep the secure default (UnsafeEntityLogging = false). This issue tracks reviewing the sample against v10.1.0 and explicitly documenting the secure default.

Change required

Review the server project samples/todoapp-mvc/TodoApp.Service:

  • Controllers/TodoItemsController.cs

This controller does not currently configure TableControllerOptions, so UnsafeEntityLogging already defaults to the secure value of false. Optionally add a brief comment (or explicit Options block) documenting that entity logging is intentionally left disabled to avoid logging potentially sensitive entity contents.

Acceptance criteria

  • UnsafeEntityLogging remains false (default) in this sample.
  • The deliberate secure default is documented (comment or explicit Options).
  • The sample builds and runs against v10.1.0.

Labels: Examples; Server (Improvements or additions to the server code)
