Repository: tinkerpop
Updated Branches:
refs/heads/tp32 97aef3298 -> 9a695169d
Updated security docs a bit for Gremlin Server CTR
Project: http://git-wip-us.apache.org/repos/asf/tinkerpop/repo
Commit: http://git-wip-us.apache.org/repos/asf/tinkerpop/commit/9a695169
Tree: http://git-wip-us.apache.org/repos/asf/tinkerpop/tree/9a695169
Diff: http://git-wip-us.apache.org/repos/asf/tinkerpop/diff/9a695169
Branch: refs/heads/tp32
Commit: 9a695169d59213e7ddf80eb4d08a897815fa7466
Parents: 97aef32
Author: Stephen Mallette <spmva@genoprime.com>
Authored: Tue Sep 19 13:43:03 2017 -0400
Committer: Stephen Mallette <spmva@genoprime.com>
Committed: Tue Sep 19 13:56:26 2017 -0400
----------------------------------------------------------------------
docs/src/reference/gremlin-applications.asciidoc | 14 ++++++++++++--
1 file changed, 12 insertions(+), 2 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/tinkerpop/blob/9a695169/docs/src/reference/gremlin-applications.asciidoc
----------------------------------------------------------------------
diff --git a/docs/src/reference/gremlin-applications.asciidoc b/docs/src/reference/gremlin-applications.asciidoc
index 7e72d33..5af699f 100644
--- a/docs/src/reference/gremlin-applications.asciidoc
+++ b/docs/src/reference/gremlin-applications.asciidoc
@@ -384,6 +384,10 @@ on how to develop a driver for Gremlin Server.
By default, communication with Gremlin Server occurs over link:http://en.wikipedia.org/wiki/WebSocket[WebSocket]
and
exposes a custom sub-protocol for interacting with the server.
+WARNING: Gremlin Server allows for the execution of remotely submitted "scripts" (i.e. arbitrary
code sent by a client
+to the server). Developers should consider the security implications involved in running
Gremlin Server without the
+appropriate precautions. Please review the <<script-execution,Script Execution Section>>
for more information.
+
[[starting-gremlin-server]]
Starting Gremlin Server
~~~~~~~~~~~~~~~~~~~~~~~
@@ -1328,8 +1332,14 @@ some problems would be, `while(true) {}`, which would consume a thread
in the Gr
preventing it from serving other requests. Sending enough of these kinds of scripts would
eventually consume all
available threads and Gremlin Server would stop responding.
-Gremlin Server (more specifically the `GremlinGroovyScriptEngine`) provides methods to protect
itself from these
-kinds of troublesome scripts. A user can configure the script engine with different `CompilerCustomizerProvider`
+Scripts have access to the full power of their language and the JVM on which they are running.
This means that they
+can access certain APIs that have nothing to do with Gremlin itself, such as `java.lang.System`
or the `java.io`
+and `java.net` packages. Scripts offer developers a lot of flexibility, but having that flexibility
comes at the cost
+of safety. A Gremlin Server instance that is not secured appropriately provides for a big
security risk.
+
+The previous sections discussed methods for securing Gremlin Server through authentication
and encryption, which is a
+good first step in protection. Another layer of protection comes in the form of specific
configurations for the
+`GremlinGroovyScriptEngine`. A user can configure the script engine with different `CompilerCustomizerProvider`
implementations. Consider the basic configuration from the Gremlin Server YAML file:
[source,yaml]
|