Alexey Serbin has posted comments on this change. Change subject: security: initial work on token creation and verification ......................................................................
Patch Set 2: (1 comment) http://gerrit.cloudera.org:8080/#/c/5796/2/src/kudu/security/token_verifier.cc File src/kudu/security/token_verifier.cc: PS2, Line 60: // Sanity check the key. : CHECK(!pb.has_private_key_der()); This check might present some security complications: if the private key is present, the process will crash and that private key would be ready to pick up from the core file. Consider replacing this with DCHECK() at least. >From other other side, if using different proto structures for signing and >verification, no such checks would be necessary. -- To view, visit http://gerrit.cloudera.org:8080/5796 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-MessageType: comment Gerrit-Change-Id: Iaf53ae50082d69028315952ac0732af6a83ffdbe Gerrit-PatchSet: 2 Gerrit-Project: kudu Gerrit-Branch: master Gerrit-Owner: Todd Lipcon <t...@apache.org> Gerrit-Reviewer: Alexey Serbin <aser...@cloudera.com> Gerrit-Reviewer: Dan Burkert <danburk...@apache.org> Gerrit-Reviewer: Kudu Jenkins Gerrit-Reviewer: Tidy Bot Gerrit-HasComments: Yes