I agree that this is a security issue.
Ryan King commented on THRIFT-1205:
Thrift is not design for public facing services.
This is not a valid argument, IMHO.
This may be correct if we look today at the intention.
But you really have no idea what people will do with the framework tomorow.
Toby Thain commented on THRIFT-1205:
Fair enough, but:
* it will inevitably be used in this way, unless (even if) there is a big
disclaimer somewhere (did I miss it?)
Yep. That's exactly what I'm saying. People will do this, because they can.
Crashing a server this way is not acceptable. Period.
$0,02
JensG
