Re: Unnecessary uses of final on local variables

2019-06-14 Thread Jacob Barrett 



> On Jun 13, 2019, at 1:31 PM, Kirk Lund  wrote:
> 
> According to Effective Java 3rd Edition, all local variables are implicitly
> made final by the JVM…

Can you please provide a link or at least the chapter and item number that this 
statement is made in. I have scanned through the book and search online and 
haven’t found a statement in this book regarding final local variables. 

Thanks,
Jake

[PROPOSAL]: Improve OQL Method Invocation Security

2019-06-14 Thread Ju@N 
Hello everyone,

I've just published in the Wiki a new proposal

to improve the current behaviour regarding how we allow/deny certain method
to be invoked on objects as part of the OQL execution. It's still in early
stages and some of the suggested implementations might not even be
possible, but please go ahead and submit any feedback and/or ideas you
might have about it, every contribution is welcome.
Best regards.

-- 
Ju@N

Re: [PROPOSAL]: Improve OQL Method Invocation Security

2019-06-14 Thread Jacob Barrett 
> As part of GEODE-3247 , 
> several options were analysed and, after considering the wealth of security 
> holes and the difficulty of determining which methods deployed by the 
> developer were intended to be available for queries and which were not, the 
> decision was made to tighten up the Security and, by default, disallow any 
> method call not explicitly whitelisted.

Please avoid biased words, like whitelist, in source and proposals. There are 
several other places in this document that use these terms. Can you please 
update the document without them.

Thanks,
Jake

Re: [PROPOSAL]: Improve OQL Method Invocation Security

2019-06-14 Thread Juan José Ramos 
Hey Jake,

Thanks for bringing this up. As you might have found out already, english
is not my native language, I actually had to do some research to find out
*exactly what you meant* regarding the bias around the "whitelist" word
:-|... It was an honest mistake and I sincerely apologize in advance if
anyone got offended in any way.
That said, I won't have time to go through the proposal and make the
required changes until next week, so I'll keep the document hidden until
all biased words are replaced.
Cheers.


On Sat, Jun 15, 2019 at 12:25 AM Jacob Barrett  wrote:

> > As part of GEODE-3247 ,
> several options were analysed and, after considering the wealth of security
> holes and the difficulty of determining which methods deployed by the
> developer were intended to be available for queries and which were not, the
> decision was made to tighten up the Security and, by default, disallow any
> method call not explicitly whitelisted.
>
> Please avoid biased words, like whitelist, in source and proposals. There
> are several other places in this document that use these terms. Can you
> please update the document without them.
>
> Thanks,
> Jake
>
>

-- 
Juan José Ramos Cassella
Senior Technical Support Engineer
Email: jra...@pivotal.io
Office#: +353 21 4238611
Mobile#: +353 87 2074066
After Hours Contact#: +1 877 477 2269
Office Hours: Mon - Thu 08:30 - 17:00 GMT. Fri 08:30 - 16:00 GMT
How to upload artifacts:
https://support.pivotal.io/hc/en-us/articles/204369073
How to escalate a ticket:
https://support.pivotal.io/hc/en-us/articles/203809556

[image: support]  [image: twitter]
 [image: linkedin]
 [image: facebook]
 [image: google plus]
 [image: youtube]

need access for commit

2019-06-14 Thread aashish choudhary 
Hi Team,

I am interested to work on Geode development, bug fixes etc. Let me know
the process for same.


With Best Regards,
Ashish