[
https://issues.apache.org/jira/browse/GEODE-3249?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16128046#comment-16128046
]
ASF subversion and git services commented on GEODE-3249:
--------------------------------------------------------
Commit f8e7ddd5e4696907ce60a14f581ef1ca83e65232 in geode's branch
refs/heads/feature/GEODE-3249b from [~bschuchardt]
[ https://git-wip-us.apache.org/repos/asf?p=geode.git;h=f8e7ddd ]
GEODE-3249: Validate internal client/server messages
This was merely a matter of changing the server to require the credentials
and changing the client to send credentials. I removed the general overriding
of AbstractOp.processSecureBytes() because it made no sense. If the server
sends a secure byte "part" in a message the client is obligated to process
it or the next message it sends will cause a security violation.
I've added a server-side property that folks can set to allow old clients
to continue to work. This must be used to roll the servers forward to the
new version that contains this change. Clients must then be rolled
forward & the servers can then be rolled once again without the property set.
The system property is
geode.allow-internal-messages-without-credentials=true
> Validate internal client/server messages
> ----------------------------------------
>
> Key: GEODE-3249
> URL: https://issues.apache.org/jira/browse/GEODE-3249
> Project: Geode
> Issue Type: Bug
> Components: messaging
> Reporter: Anthony Baker
> Assignee: Bruce Schuchardt
> Fix For: 1.2.1
>
>
> Some message types can not be invoked directly by an end user. For
> validation purposes, we should treat these messages the same way we treat
> normal messages.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
