geode-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ASF subversion and git services (JIRA)" <>
Subject [jira] [Commented] (GEODE-3249) Validate internal client/server messages
Date Fri, 08 Sep 2017 18:59:00 GMT


ASF subversion and git services commented on GEODE-3249:

Commit 0b881b515eb1dcea974f0f5c1b40da03d42af9cf in geode's branch refs/heads/release/1.2.1
from [~bschuchardt]
[;h=0b881b5 ]

GEODE-3249 Validate internal client/server messages

This change leaves the security hole in place but allows you to plug
it by setting the system property


Clients must be upgraded to the release containing this change if you
set this system property to true and client/server authentication is
enabled.  Otherwise client messages to register PDX types or
Instantiators will be rejected by the servers.

New tests have been added to perform backward-compatibility testing
with the old security implementation and the internal message command
classes have been modified to perform validation of credentials if
the system property is set to true.

(cherry picked from commit abbb359fe59ea3e74462fe48890918108a0edda3)

> Validate internal client/server messages
> ----------------------------------------
>                 Key: GEODE-3249
>                 URL:
>             Project: Geode
>          Issue Type: Bug
>          Components: docs, messaging
>            Reporter: Anthony Baker
>            Assignee: Bruce Schuchardt
>             Fix For: 1.3.0, 1.2.1
> Some message types can not be invoked directly by an end user.  For validation purposes,
we should treat these messages the same way we treat normal messages.

This message was sent by Atlassian JIRA

View raw message