tinkerpop-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From spmalle...@apache.org
Subject tinkerpop git commit: Updated security docs a bit for Gremlin Server CTR
Date Tue, 19 Sep 2017 18:03:52 GMT
Repository: tinkerpop
Updated Branches:
  refs/heads/tp32 97aef3298 -> 9a695169d

Updated security docs a bit for Gremlin Server CTR

Project: http://git-wip-us.apache.org/repos/asf/tinkerpop/repo
Commit: http://git-wip-us.apache.org/repos/asf/tinkerpop/commit/9a695169
Tree: http://git-wip-us.apache.org/repos/asf/tinkerpop/tree/9a695169
Diff: http://git-wip-us.apache.org/repos/asf/tinkerpop/diff/9a695169

Branch: refs/heads/tp32
Commit: 9a695169d59213e7ddf80eb4d08a897815fa7466
Parents: 97aef32
Author: Stephen Mallette <spmva@genoprime.com>
Authored: Tue Sep 19 13:43:03 2017 -0400
Committer: Stephen Mallette <spmva@genoprime.com>
Committed: Tue Sep 19 13:56:26 2017 -0400

 docs/src/reference/gremlin-applications.asciidoc | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)

diff --git a/docs/src/reference/gremlin-applications.asciidoc b/docs/src/reference/gremlin-applications.asciidoc
index 7e72d33..5af699f 100644
--- a/docs/src/reference/gremlin-applications.asciidoc
+++ b/docs/src/reference/gremlin-applications.asciidoc
@@ -384,6 +384,10 @@ on how to develop a driver for Gremlin Server.
 By default, communication with Gremlin Server occurs over link:http://en.wikipedia.org/wiki/WebSocket[WebSocket]
 exposes a custom sub-protocol for interacting with the server.
+WARNING: Gremlin Server allows for the execution of remotely submitted "scripts" (i.e. arbitrary
code sent by a client
+to the server). Developers should consider the security implications involved in running
Gremlin Server without the
+appropriate precautions. Please review the <<script-execution,Script Execution Section>>
for more information.
 Starting Gremlin Server
@@ -1328,8 +1332,14 @@ some problems would be, `while(true) {}`, which would consume a thread
in the Gr
 preventing it from serving other requests.  Sending enough of these kinds of scripts would
eventually consume all
 available threads and Gremlin Server would stop responding.
-Gremlin Server (more specifically the `GremlinGroovyScriptEngine`) provides methods to protect
itself from these
-kinds of troublesome scripts.  A user can configure the script engine with different `CompilerCustomizerProvider`
+Scripts have access to the full power of their language and the JVM on which they are running.
This means that they
+can access certain APIs that have nothing to do with Gremlin itself, such as `java.lang.System`
or the `java.io`
+and `java.net` packages. Scripts offer developers a lot of flexibility, but having that flexibility
comes at the cost
+of safety. A Gremlin Server instance that is not secured appropriately provides for a big
security risk.
+The previous sections discussed methods for securing Gremlin Server through authentication
and encryption, which is a
+good first step in protection. Another layer of protection comes in the form of specific
configurations for the
+`GremlinGroovyScriptEngine`.  A user can configure the script engine with different `CompilerCustomizerProvider`
 implementations.  Consider the basic configuration from the Gremlin Server YAML file:

View raw message