From: Juan José Ramos
Date: Sat, 15 Jun 2019 00:39:42 +0100
Subject: Re: [PROPOSAL]: Improve OQL Method Invocation Security
To: dev@geode.apache.org
Hey Jake,

Thanks for bringing this up. As you might have found out already, English is not my native language; I actually had to do some research to find out *exactly what you meant* regarding the bias around the "whitelist" word :-|... It was an honest mistake and I sincerely apologize in advance if anyone got offended in any way.

That said, I won't have time to go through the proposal and make the required changes until next week, so I'll keep the document hidden until all biased words are replaced.

Cheers.

On Sat, Jun 15, 2019 at 12:25 AM Jacob Barrett wrote:

> > As part of GEODE-3247, several options were analysed and, after considering the wealth of security holes and the difficulty of determining which methods deployed by the developer were intended to be available for queries and which were not, the decision was made to tighten up the Security and, by default, disallow any method call not explicitly whitelisted.
>
> Please avoid biased words, like whitelist, in source and proposals. There are several other places in this document that use these terms. Can you please update the document without them.
>
> Thanks,
> Jake

-- 
Juan José Ramos Cassella
Senior Technical Support Engineer
Email: jramos@pivotal.io
Office#: +353 21 4238611
Mobile#: +353 87 2074066
After Hours Contact#: +1 877 477 2269
Office Hours: Mon - Thu 08:30 - 17:00 GMT, Fri 08:30 - 16:00 GMT
How to upload artifacts: https://support.pivotal.io/hc/en-us/articles/204369073
How to escalate a ticket: https://support.pivotal.io/hc/en-us/articles/203809556