-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/62088/#review184594
-----------------------------------------------------------

geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/ServerConnection.java
Line 92 (original), 92 (patched)
<https://reviews.apache.org/r/62088/#comment260757>

This comment is a bit confusing. For this boolean I think it defaults to TRUE because Boolean.getBoolean returns FALSE if the sys prop is not defined and the code negates that. The comment says it defaults to OFF which I would think means FALSE. I think this javadoc should tell you what this boolean does if it is true and what it does if it is false. It would probably be more helpful to say what setting geode.disallow-internal-messages-without-credentials to true does since that is the non-default behavior.

- Darrel Schneider


On Sept. 5, 2017, 10:57 a.m., Bruce Schuchardt wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/62088/
> -----------------------------------------------------------
>
> (Updated Sept. 5, 2017, 10:57 a.m.)
>
>
> Review request for geode, Alexander Murmann, Galen O'Sullivan, Hitesh
> Khamesra, and Udo Kohlmeyer.
>
>
> Bugs: GEODE-3249
> https://issues.apache.org/jira/browse/GEODE-3249
>
>
> Repository: geode
>
>
> Description
> -------
>
> This change leaves the security hole in place but allows you to plug it by
> setting the system property
>
> geode.disallow-internal-messages-without-credentials=true
>
> Clients must be upgraded to the release containing this change if you set
> this system property to true and client/server authentication is enabled.
> Otherwise client messages to register PDX types or Instantiators will be
> rejected by the servers.
>
>
> Diffs
> -----
>
> geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/ServerConnection.java
> b243d8ebb8f7fb698a4637c7a787ee2d7216f1f7
>
>
> Diff: https://reviews.apache.org/r/62088/diff/1/
>
>
> Testing
> -------
>
>
> Thanks,
>
> Bruce Schuchardt
>
>
