Return-Path: X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183]) by cust-asf2.ponee.io (Postfix) with ESMTP id 92BD5200CFD for ; Wed, 6 Sep 2017 21:44:03 +0200 (CEST) Received: by cust-asf.ponee.io (Postfix) id 9135C1609E2; Wed, 6 Sep 2017 19:44:03 +0000 (UTC) Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by cust-asf.ponee.io (Postfix) with SMTP id D67811609C0 for ; Wed, 6 Sep 2017 21:44:02 +0200 (CEST) Received: (qmail 92100 invoked by uid 500); 6 Sep 2017 19:44:01 -0000 Mailing-List: contact dev-help@geode.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@geode.apache.org Delivered-To: mailing list dev@geode.apache.org Received: (qmail 92088 invoked by uid 99); 6 Sep 2017 19:44:01 -0000 Received: from pnap-us-west-generic-nat.apache.org (HELO spamd3-us-west.apache.org) (209.188.14.142) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 06 Sep 2017 19:44:01 +0000 Received: from localhost (localhost [127.0.0.1]) by spamd3-us-west.apache.org (ASF Mail Server at spamd3-us-west.apache.org) with ESMTP id BD7E3183CA6 for ; Wed, 6 Sep 2017 19:44:00 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamd3-us-west.apache.org X-Spam-Flag: NO X-Spam-Score: 2.481 X-Spam-Level: ** X-Spam-Status: No, score=2.481 tagged_above=-999 required=6.31 tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=2, HTML_OBFUSCATE_05_10=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RCVD_IN_SORBS_SPAM=0.5] autolearn=disabled Authentication-Results: spamd3-us-west.apache.org (amavisd-new); dkim=pass (2048-bit key) header.d=pivotal-io.20150623.gappssmtp.com Received: from mx1-lw-us.apache.org ([10.40.0.8]) by localhost (spamd3-us-west.apache.org [10.40.0.10]) (amavisd-new, port 10024) with ESMTP id CleM_6Myn-g8 for ; Wed, 6 Sep 2017 19:43:58 +0000 (UTC) Received: from mail-lf0-f47.google.com (mail-lf0-f47.google.com [209.85.215.47]) by mx1-lw-us.apache.org (ASF Mail Server at mx1-lw-us.apache.org) with ESMTPS id 8AA0A61067 for ; Wed, 6 Sep 2017 19:43:57 +0000 (UTC) Received: by mail-lf0-f47.google.com with SMTP id q132so19966908lfe.5 for ; Wed, 06 Sep 2017 12:43:57 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=pivotal-io.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=kVrZJNSFQRILTN60pgGt1gtrrCGq1lMjT7LsvCtJfpI=; b=XK8wI5lH7GT8Li2PAaemxY7vdbjVWtMbJ98l9N+7CFDTS/wwjmh/sz3z79101Z50rs e/ao0PDR8bm5rAqxjoXiKgNcpKElAr0Q2NkMuVlHW6UBqFeaqODaEcvwoV7fEFMJdBJ0 u1ScmwdqxPTN9GXh02i3s11Rl/Fz6MYfBU7kFvZBN3HJXuJwzehe+u2eiQtBBw1IThib JJetT5GQ5LLZLLJZeovYg4NsX0yBUrgwcqqpOJU8pCv7/oyXk9kSI2i+ShbE1/oaNy9K FKbtt0QQA43YxV7AtgAH0hiaTLcwD1AKFfcQ4OeehlkOf+BuPmPeejsCGMgMjbEB+kgs 5wog== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=kVrZJNSFQRILTN60pgGt1gtrrCGq1lMjT7LsvCtJfpI=; b=RXOY0kXV0GOXM7fKXXg38GoLHixtgNLhnzYk9BAAHjujEevVNrJB+VQNMFNoCpBtNA Cr0QeCQT91WtHrC8jNOgVP2J4ukZbDXVcJfyRaLi1Hfm7ZHTkbTvGe+3mnaIq/GXnrQZ zY12cQGxSaIpd2q2XJaZw8bkbj16H/yCnggzM3uXzscNdaCa7RKL/wrT1rUOs+qXy+Qy RZ7cHOOwjjy5I8jhK8jvpzXzW1mapBhES9FBXpUnDSasEVQMI6DchPQITldcsqO7Exbo qzsXKQwh6S16O0i9KT9egzA7x5fIQoXd2He8TA6OfFIN1uiANMm2P/VYYVHXNkVQUZaG EsZw== X-Gm-Message-State: AHPjjUjCTmjduL4UPZOYDD0z5b1vYxrJ9ryaBX6OBV/eZkurlF9MnlHh FrHUMp1xkXJ0fiUdIQ9cR9x74/ingN78 X-Google-Smtp-Source: ADKCNb5lVnrSifH0aS67uA7xrlZEpyfP/0D4RdRRr897IFpo3CFmXjfbnFUKKZ8FOAtVUi2RL0AghSJQXsQ+2H22CHY= X-Received: by 10.46.68.66 with SMTP id r63mr83351lja.145.1504727036210; Wed, 06 Sep 2017 12:43:56 -0700 (PDT) MIME-Version: 1.0 Received: by 10.46.22.18 with HTTP; Wed, 6 Sep 2017 12:43:55 -0700 (PDT) Received: by 10.46.22.18 with HTTP; Wed, 6 Sep 2017 12:43:55 -0700 (PDT) In-Reply-To: <6e04e050-ea4f-f916-2f17-df940cc16e98@pivotal.io> References: <20170906000903.63444.51098@reviews-vm2.apache.org> <20170906154722.26227.13231@reviews-vm2.apache.org> <6e04e050-ea4f-f916-2f17-df940cc16e98@pivotal.io> From: Brian Baynes Date: Wed, 6 Sep 2017 12:43:55 -0700 Message-ID: Subject: Re: Review Request 62088: GEODE-3249 Validate internal client/server messages To: Bruce Schuchardt Cc: dev@geode.apache.org Content-Type: multipart/alternative; boundary="94eb2c1cdef07a4a1205588a9089" archived-at: Wed, 06 Sep 2017 19:44:03 -0000 --94eb2c1cdef07a4a1205588a9089 Content-Type: text/plain; charset="UTF-8" Ah, I see. Makes sense. On Sep 6, 2017 12:23 PM, "Bruce Schuchardt" wrote: I think we will want to remove this property in the next major release and have the behavior it enables be how the servers always act. On 9/6/17 10:23 AM, Brian Baynes wrote: In this case, won't we be changing the default of this property with the next major release? So perhaps the choice is to follow the default=false convention now, or with the next major release..? On Wed, Sep 6, 2017 at 8:47 AM, Bruce Schuchardt wrote: > > > > On Sept. 5, 2017, 5:09 p.m., Galen O'Sullivan wrote: > > > I prefer config option names to be as unambiguous as possible. I think > `allow` would be clearer than `disallow` because it avoids > double-negatives. Can we use > > > `allow-internal-messages-without-credentials` and have it default to > `true`? > > In general Java properties ought to default to _false_ if they aren't > set. We've had other properties default to _true_ in the past and they > were awkward. > > > - Bruce > > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/62088/#review184608 > ----------------------------------------------------------- > > > On Sept. 5, 2017, 10:57 a.m., Bruce Schuchardt wrote: > > > > ----------------------------------------------------------- > > This is an automatically generated e-mail. To reply, visit: > > https://reviews.apache.org/r/62088/ > > ----------------------------------------------------------- > > > > (Updated Sept. 5, 2017, 10:57 a.m.) > > > > > > Review request for geode, Alexander Murmann, Galen O'Sullivan, Hitesh > Khamesra, and Udo Kohlmeyer. > > > > > > Bugs: GEODE-3249 > > https://issues.apache.org/jira/browse/GEODE-3249 > > > > > > Repository: geode > > > > > > Description > > ------- > > > > This change leaves the security hole in place but allows you to plug it > by setting the system property > > > > geode.disallow-internal-messages-without-credentials=true > > > > Clients must be upgraded to the release containing this change if you > set this system property to true and client/server authentication is > enabled. Otherwise client messages to register PDX types or Instantiators > will be rejected by the servers. > > > > > > Diffs > > ----- > > > > geode-core/src/main/java/org/apache/geode/internal/cache/ti > er/sockets/ServerConnection.java b243d8ebb8f7fb698a4637c7a787ee2d7216f1f7 > > > > > > Diff: https://reviews.apache.org/r/62088/diff/1/ > > > > > > Testing > > ------- > > > > > > Thanks, > > > > Bruce Schuchardt > > > > > > --94eb2c1cdef07a4a1205588a9089--