stephen mallette created TINKERPOP-1843: -------------------------------------------
Summary: Provide method to disable scripting in Gremlin Server Key: TINKERPOP-1843 URL: https://issues.apache.org/jira/browse/TINKERPOP-1843 Project: TinkerPop Issue Type: Improvement Components: server Affects Versions: 3.2.6 Reporter: stephen mallette Allowing the processing of remote scripts in Gremlin Server has important security issues that should be considered when deploying it. While we have documentation that explains the issue of "scripts" we could also consider the ability for Gremlin Server to be configured in a fashion where it only allowed bytecode based processing. Obviously, this approach has some drawbacks as the Gremlin Console would no longer work with this configuration turned on (users would have to user remote traversals/bytecode from the console to connect to their graph). Eventually, we could probably have Gremlin Server running in this fashion by default/out-of-the-box, but we'd have to reserve that approach for when a breaking change was allowed in versioning (at this point 3.4.x). -- This message was sent by Atlassian JIRA (v6.4.14#64029)