stephen mallette created TINKERPOP-1843:
-------------------------------------------

             Summary: Provide method to disable scripting in Gremlin Server
                 Key: TINKERPOP-1843
                 URL: https://issues.apache.org/jira/browse/TINKERPOP-1843
             Project: TinkerPop
          Issue Type: Improvement
          Components: server
    Affects Versions: 3.2.6
            Reporter: stephen mallette


Allowing the processing of remote scripts in Gremlin Server has important 
security issues that should be considered when deploying it. While we have 
documentation that explains the issue of "scripts" we could also consider the 
ability for Gremlin Server to be configured in a fashion where it only allowed 
bytecode-based processing. Obviously, this approach has some drawbacks as the 
Gremlin Console would no longer work with this configuration turned on (users 
would have to use remote traversals/bytecode from the console to connect to 
their graph). 

Eventually, we could probably have Gremlin Server running in this fashion by 
default/out-of-the-box, but we'd have to reserve that approach for when a 
breaking change was allowed in versioning (at this point 3.4.x).



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
