-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/62088/#review184608
-----------------------------------------------------------
I prefer config option names to be as unambiguous as possible. I think `allow` would be clearer than `disallow` because it avoids double-negatives. Can we use `allow-internal-messages-without-credentials` and have it default to `true`?

- Galen O'Sullivan


On Sept. 5, 2017, 5:57 p.m., Bruce Schuchardt wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/62088/
> -----------------------------------------------------------
>
> (Updated Sept. 5, 2017, 5:57 p.m.)
>
>
> Review request for geode, Alexander Murmann, Galen O'Sullivan, Hitesh
> Khamesra, and Udo Kohlmeyer.
>
>
> Bugs: GEODE-3249
>     https://issues.apache.org/jira/browse/GEODE-3249
>
>
> Repository: geode
>
>
> Description
> -------
>
> This change leaves the security hole in place but allows you to plug it by
> setting the system property
>
> geode.disallow-internal-messages-without-credentials=true
>
> Clients must be upgraded to the release containing this change if you set
> this system property to true and client/server authentication is enabled.
> Otherwise client messages to register PDX types or Instantiators will be
> rejected by the servers.
>
>
> Diffs
> -----
>
>   geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/ServerConnection.java
>   b243d8ebb8f7fb698a4637c7a787ee2d7216f1f7
>
>
> Diff: https://reviews.apache.org/r/62088/diff/1/
>
>
> Testing
> -------
>
>
> Thanks,
>
> Bruce Schuchardt
>
>