After much discussion with the DNS and security folks, we've decided on a
way to address the potential security issue of allowing an attacker to
inject a service config with a large number of retries or hedged requests.
We will do this by imposing an upper bound on the max number of retries or
hedged requests that are configurable via the service config.  That upper
bound will be 5 by default, but applications will be able to explicitly
override it if needed via a channel argument.

This approach not only limits the damage that can be caused by a malicious
attacker but also damage that can be caused by a simple typo.

Noah, can you please add a section about this to the design doc?  Thanks!

On Fri, Feb 10, 2017 at 4:31 PM, ncteisen via grpc.io <
grpc-io@googlegroups.com> wrote:

> I've created a gRFC describing the design and implementation plan for gRPC
> Retries.
>
> Take a look at the gRPC on GitHub
> <https://github.com/grpc/proposal/pull/12>.
>
> --
> You received this message because you are subscribed to the Google Groups "
> grpc.io" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to grpc-io+unsubscr...@googlegroups.com.
> To post to this group, send email to grpc-io@googlegroups.com.
> Visit this group at https://groups.google.com/group/grpc-io.
> To view this discussion on the web visit https://groups.google.com/d/
> msgid/grpc-io/30e29cbc-439c-46c4-b54f-6e97637a0735%40googlegroups.com
> <https://groups.google.com/d/msgid/grpc-io/30e29cbc-439c-46c4-b54f-6e97637a0735%40googlegroups.com?utm_medium=email&utm_source=footer>
> .
> For more options, visit https://groups.google.com/d/optout.
>



-- 
Mark D. Roth <r...@google.com>
Software Engineer
Google, Inc.
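
An added example, not part of the original message and not gRPC's own code: a sketch of the cap described above, applied to a service config before it is used. The field names (methodConfig, retryPolicy, hedgingPolicy, maxAttempts) are assumed from the gRPC service config JSON format, the `cap` parameter is a hypothetical stand-in for the channel-argument override, and the sample config is constructed.

```python
import json

DEFAULT_MAX_ATTEMPTS_CAP = 5  # default upper bound stated in the message


def clamp_service_config(raw_json, cap=DEFAULT_MAX_ATTEMPTS_CAP):
    """Parse a service config and clamp retry/hedging attempt counts to `cap`.

    Returns (config, findings). Each finding is (path, received, applied) so
    an oversized value, malicious or a typo, can be logged by the caller.
    `cap` is a hypothetical application-side override, not a real gRPC name.
    """
    if not isinstance(cap, int) or isinstance(cap, bool) or cap < 1:
        raise ValueError("cap must be a positive integer")
    config = json.loads(raw_json)
    findings = []
    for i, method in enumerate(config.get("methodConfig", [])):
        for policy_name in ("retryPolicy", "hedgingPolicy"):
            policy = method.get(policy_name)
            if not isinstance(policy, dict) or "maxAttempts" not in policy:
                continue
            value = policy["maxAttempts"]
            where = f"methodConfig[{i}].{policy_name}.maxAttempts"
            # Assumption of this sketch: reject anything that is not a
            # positive integer instead of guessing what was intended.
            if not isinstance(value, int) or isinstance(value, bool) or value < 1:
                raise ValueError(f"{where}: invalid value {value!r}")
            if value > cap:
                policy["maxAttempts"] = cap
                findings.append((where, value, cap))
    return config, findings


# Constructed sample: one oversized retry count, one hedging count in bounds.
SAMPLE = json.dumps({
    "methodConfig": [
        {"name": [{"service": "example.Echo"}],
         "retryPolicy": {"maxAttempts": 500}},
        {"name": [{"service": "example.Search"}],
         "hedgingPolicy": {"maxAttempts": 4, "hedgingDelay": "0.1s"}},
    ]
})

if __name__ == "__main__":
    _, changed = clamp_service_config(SAMPLE)
    for path, received, applied in changed:
        print(f"clamped {path}: {received} -> {applied}")
```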
