ignite-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ilya Kasnacheev <ilya.kasnach...@gmail.com>
Subject Re: Timeline for support of compute functions by thin clients
Date Wed, 04 Apr 2018 10:05:11 GMT
Hello!

> checksum of uploaded java code

I argue not for Java code but for javascript/nashorn. Ruby or PHP guys
won't be happy about writing java, but they can easily do JS.

(If we wanted Java, we could make it service grid-oriented. Which is an
interesting idea btw. We can frame local computations as service methods,
let thin clients invoke them. No code sending necessary in this case.)

Otherwise your suggestions look reasonable. The only thing I'll add, let's
make it a configuration field and not IGNITE_ define for usability.

Regards,

-- 
Ilya Kasnacheev

2018-04-04 12:55 GMT+03:00 Sergey Kozlov <skozlov@gridgain.com>:

> Hi
>
> We can introduce the rules to use compute tasks execution:
>  1. Disable by default that feature (enabling will require change a
> configuration property and restart cluster)
>  2. Disable by default code sending in the cluster  (enabling will require
> change  a configuration property and restart cluster)
>  3. White list of allowed compute tasks: we can collect sha256 checksums
> for codes and allow to execute a task only if checksum of uploaded java
> code is listed in the white list.
>
> On Wed, Apr 4, 2018 at 11:26 AM, Dmitriy Setrakyan <dsetrakyan@apache.org>
> wrote:
>
> > On Tue, Apr 3, 2018 at 5:48 PM, Valentin Kulichenko <
> > valentin.kulichenko@gmail.com> wrote:
> >
> > > Dmitry,
> > >
> > > I just think that it's natural to have this functionality and that it
> > would
> > > drastically increase flexibility of thin client. Multiple requests from
> > > users (one of them in this thread) seem to confirm this. At the same
> > time,
> > > I don't see much technical challenge here (like with near caches or
> > > continuous queries for example), and therefore don't see why we should
> be
> > > against this features.
> > >
> > > Can you please elaborate on security risks? What exactly do you have in
> > > mind?
> > >
> >
> > Val, my main concern was that users would use the thin client to connect
> to
> > a remote cluster, hosted elsewhere, and could run some malicious code.
> But
> > you are right, it can probably be solved by other means, like a firewall
> > for example. No objections on adding the compute API to thin clients from
> > me.
> >
>
>
>
> --
> Sergey Kozlov
> GridGain Systems
> www.gridgain.com
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message