I think we will want to remove this property in the next major release
and have the behavior it enables be how the servers always act.
On 9/6/17 10:23 AM, Brian Baynes wrote:
In this case, won't we be changing the default of this property with
the next major release? So perhaps the choice is to follow the
default=false convention now, or with the next major release..?
On Wed, Sep 6, 2017 at 8:47 AM, Bruce Schuchardt
<bschucha...@pivotal.io> wrote:
> On Sept. 5, 2017, 5:09 p.m., Galen O'Sullivan wrote:
> > I prefer config option names to be as unambiguous as possible.
> > I think `allow` would be clearer than `disallow` because it avoids
> > double-negatives. Can we use
> > `allow-internal-messages-without-credentials` and have it
> > default to `true`?
In general Java properties ought to default to _false_ if they
aren't set. We've had other properties default to _true_ in the
past and they were awkward.
- Bruce
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/62088/#review184608
-----------------------------------------------------------
On Sept. 5, 2017, 10:57 a.m., Bruce Schuchardt wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/62088/
> -----------------------------------------------------------
>
> (Updated Sept. 5, 2017, 10:57 a.m.)
>
>
> Review request for geode, Alexander Murmann, Galen O'Sullivan,
> Hitesh Khamesra, and Udo Kohlmeyer.
>
>
> Bugs: GEODE-3249
> https://issues.apache.org/jira/browse/GEODE-3249
>
>
> Repository: geode
>
>
> Description
> -------
>
> This change leaves the security hole in place but allows you to
> plug it by setting the system property
>
> geode.disallow-internal-messages-without-credentials=true
>
> Clients must be upgraded to the release containing this change
> if you set this system property to true and client/server
> authentication is enabled. Otherwise client messages to register
> PDX types or Instantiators will be rejected by the servers.
>
>
> Diffs
> -----
>
>
>   geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/ServerConnection.java b243d8ebb8f7fb698a4637c7a787ee2d7216f1f7
>
>
> Diff: https://reviews.apache.org/r/62088/diff/1/
>
>
> Testing
> -------
>
>
> Thanks,
>
> Bruce Schuchardt
>
>
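The two naming conventions debated in this thread, side by side, as an added example that is not part of the original e-mails or of the Geode code base: it shows how each flag would be read from a Java system property and what happens when the value is unset or mistyped. The `geode.allow-...` property name and both helper methods are assumptions for illustration; how `ServerConnection` actually reads the flag is not shown on this page.

```java
public class PropertyDefaultDemo {
    // Property name taken from the review request description.
    static final String DISALLOW = "geode.disallow-internal-messages-without-credentials";
    // Hypothetical name for the alternative proposed in the thread (prefix assumed).
    static final String ALLOW = "geode.allow-internal-messages-without-credentials";

    // "disallow", default false: Boolean.getBoolean returns false when the
    // property is unset or is anything other than "true" (case-insensitive).
    static boolean rejectsUnderDisallow() {
        return Boolean.getBoolean(DISALLOW);
    }

    // "allow", default true: the default must be supplied explicitly, and any
    // value other than "true" turns the allowance off.
    static boolean rejectsUnderAllow() {
        return !Boolean.parseBoolean(System.getProperty(ALLOW, "true"));
    }

    static void set(String name, String value) {
        if (value == null) {
            System.clearProperty(name);
        } else {
            System.setProperty(name, value);
        }
    }

    public static void main(String[] args) {
        // Constructed inputs: unset, valid values, a typo, and an empty string.
        String[] values = {null, "true", "false", "TRUE", "ture", ""};
        System.out.printf("%-10s %-20s %-20s%n", "value", "disallow=<value>", "allow=<value>");
        for (String v : values) {
            set(DISALLOW, v);
            set(ALLOW, v);
            System.out.printf("%-10s %-20s %-20s%n",
                v == null ? "(unset)" : "\"" + v + "\"",
                rejectsUnderDisallow() ? "rejects" : "accepts",
                rejectsUnderAllow() ? "rejects" : "accepts");
        }
    }
}
```

With the `disallow` form a mistyped value such as `ture` leaves uncredentialed internal messages accepted, while the `allow` form rejects them for the same typo, so a deployment that sets the flag should verify the effective value at startup.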