On 28.07.2015 21:36, Dmitriy Setrakyan wrote:
>>> Cos, we are not talking about checking binaries. We are planning to support
>>> GIT/SVN/etc repositories with a POM file. This way we simply build it
>>> using maven ourselves and deploy it.
>> Well, even worse IMO. Why would you want to run an external build
>> process as a part of the nodes deployment? This will pose a security risk
>> in the production deployment and you will have to find a way to disable this
>> in some cases and allow it in the others, no?
>>
> Our Docker container right now does exactly that. The workflow is as
> follows:
>
> 1. user changes code in a GIT repo
> 2. the GIT repo is provided as a parameter at docker container startup
> 3. docker builds the code and deploys it into Ignite
> 4. docker starts an Ignite server
>
> This is very convenient for a user, especially during development. What I
> wanted to do with "deploy(...)" method, is add the same level of
> convenience directly from client code.

It's very convenient for users not to set a password on their computer
or mobile device, too.

> Why do you think it will be a security risk?

It's called a remote code execution exploit. Anyone who has write access
to the repo (i.e., anyone who can hack in) can change the deployed code
and DOS your whole cluster.

-- Brane
