geode-issues mailing list archives

From "ASF subversion and git services (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (GEODE-3249) Validate internal client/server messages
Date Fri, 08 Sep 2017 18:14:02 GMT

    [ https://issues.apache.org/jira/browse/GEODE-3249?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16159054#comment-16159054 ]

ASF subversion and git services commented on GEODE-3249:
--------------------------------------------------------

Commit abbb359fe59ea3e74462fe48890918108a0edda3 in geode's branch refs/heads/develop from
[~bschuchardt]
[ https://gitbox.apache.org/repos/asf?p=geode.git;h=abbb359 ]

GEODE-3249 Validate internal client/server messages

This change leaves the security hole in place but allows you to plug
it by setting the system property

geode.disallow-internal-messages-without-credentials=true

Clients must be upgraded to the release containing this change if you
set this system property to true and client/server authentication is
enabled.  Otherwise client messages to register PDX types or
Instantiators will be rejected by the servers.

New tests have been added to perform backward-compatibility testing
with the old security implementation and the internal message command
classes have been modified to perform validation of credentials if
the system property is set to true.


> Validate internal client/server messages
> ----------------------------------------
>
>                 Key: GEODE-3249
>                 URL: https://issues.apache.org/jira/browse/GEODE-3249
>             Project: Geode
>          Issue Type: Bug
>          Components: docs, messaging
>            Reporter: Anthony Baker
>            Assignee: Bruce Schuchardt
>             Fix For: 1.3.0, 1.2.1
>
>
> Some message types can not be invoked directly by an end user.  For validation purposes, we should treat these messages the same way we treat normal messages.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
