Examples: Review datasync-server-cosmosdb-singlecontainer sample for UnsafeEntityLogging secure default (#446)

[adrianhall]

Summary

v10.1.0 adds the UnsafeEntityLogging option to TableControllerOptions (see #446). When false (the new default) only the entity ID is logged at Information level and the full serialized entity is never written to the logs; when true the full serialized entity is logged at Debug.

This sample is not the docs-tutorial walkthrough, so it should keep the secure default (UnsafeEntityLogging = false). This issue tracks reviewing the sample against v10.1.0 and explicitly documenting the secure default.

Change required

Review samples/datasync-server-cosmosdb-singlecontainer/src:

• Controllers/TodoItemController.cs
• Controllers/TodoListController.cs (already sets Options = new TableControllerOptions { EnableSoftDelete = true })

Confirm UnsafeEntityLogging is left at its secure default of false. Optionally add a brief comment near the TableControllerOptions usage noting the option exists and is intentionally left disabled to avoid logging potentially sensitive entity contents.

Acceptance criteria

• UnsafeEntityLogging remains false (default) in this sample.
• A comment documents the deliberate secure default where TableControllerOptions is configured.
• The sample builds and runs against v10.1.0.

Related

• Server changes: SECURITY: Add TableOptions flag for unsafe entity logging #446 (this). SECURITY: Remove conflicting record when IAccessControlProvider says you can't see it #445 and SECURITY: UnauthorizedStatusCode is configurable to arbitrary values #447 have no sample-code impact (no out-of-range UnauthorizedStatusCode is set, and the conflict-hiding change is internal).