I just updated the reference docs for Gremlin Server to include some more wording on security. I just wanted to make it more clear that Gremlin Server executes arbitrary code. I like to think people get that and understand the implications of what that means from a security perspective, but...

I didn't add much more on "how to secure Gremlin Server" because I think what we allow for is pretty much well documented:

1. Authentication
2. Encryption
3. Script Execution Management

I feel like there might be a fourth category that involves discussing how to physically protect Gremlin Server with firewall/network stuff, but I'm probably not the best person to write that (or it's simply out of scope for our reference docs). If someone else has experience with that sort of thing and wants to provide advice, a pull request in that area would be nice.

I also wonder if we shouldn't allow Gremlin Server to be run without script execution enabled. In other words, just allow the TraversalOpProcessor to execute incoming requests - make it work in a GLV-only mode, basically. Obviously lambdas wouldn't work, but that might be fine for many applications.

Any thoughts?

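As an added illustration of the three categories listed in the post (this is not part of the post, and not a configuration shipped or documented by TinkerPop): a gremlin-server.yaml fragment that turns on each lever. Key names follow the Gremlin Server 3.x configuration as I know it, but they have shifted between releases (for example `scriptEvaluationTimeout` was later renamed `evaluationTimeout`, and the SSL and Groovy sandbox keys differ between 3.2 and 3.3+), so check them against the reference docs for the version you run. The bind address, file paths, password and cache sizes are placeholders, and the comment about the `processors` block reflects my understanding, not a statement from the post.

```yaml
# Added example configuration, not TinkerPop's shipped gremlin-server.yaml.
host: 127.0.0.1          # placeholder: bind to loopback or a private interface, not 0.0.0.0
port: 8182

# 1. Authentication. SimpleAuthenticator checks credentials held in a
#    graph-backed credentials database (path is a placeholder). Without this
#    block every connection may submit scripts.
authentication:
  authenticator: org.apache.tinkerpop.gremlin.server.auth.SimpleAuthenticator
  config:
    credentialsDb: conf/tinkergraph-credentials.properties

# 2. Encryption. SSL is off by default, so with authentication enabled but
#    ssl.enabled false the username/password cross the network in the clear.
ssl:
  enabled: true
  keyStore: conf/server.jks          # placeholder path
  keyStorePassword: changeit         # placeholder, never ship this value

# 3. Script execution management. Bound how long a submitted script may run,
#    and compile Groovy with the sandbox extension so scripts are limited to
#    the types and methods the sandbox allows. Key names here are the 3.3+
#    plugin form; 3.2 used compilerCustomizerProviders instead.
scriptEvaluationTimeout: 30000       # milliseconds
scriptEngines:
  gremlin-groovy:
    plugins:
      org.apache.tinkerpop.gremlin.groovy.jsr223.GroovyCompilerGremlinPlugin:
        compilation: COMPILE_STATIC
        extensions: org.apache.tinkerpop.gremlin.groovy.jsr223.customizer.SimpleSandboxExtension

# Listing only TraversalOpProcessor here does NOT produce the GLV-only mode
# the post asks about: as I understand it, this block configures processors
# that are discovered on the classpath rather than selecting which ones load,
# so the script-evaluating processors remain available. That is exactly the
# gap a GLV-only switch would close.
processors:
  - { className: org.apache.tinkerpop.gremlin.server.op.traversal.TraversalOpProcessor, config: { cacheExpirationTime: 600000, cacheMaxSize: 1000 }}
```

Network placement (the "fourth category" in the post) is not expressible in this file; the `host` line is the only part of it Gremlin Server itself controls, and the rest belongs to the firewall or cloud security-group rules in front of the process.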