[
https://issues.apache.org/jira/browse/HADOOP-12579?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15097129#comment-15097129
]
Colin Patrick McCabe commented on HADOOP-12579:
-----------------------------------------------
bq. If just removes the old RPC engine, my quick trying looks like the involved
change isn't big and the risk looks acceptable. Sure servers won't accept
requests using the old RPC version from old clients.
Sure. We should probably remove the PB wrappers in a follow-on change rather
than dealing with it here.
bq. Did you mean the protocol buffer service translator stuffs like
ClientDatanodeProtocolServerSideTranslatorPB and the related? If so, I guess
the incurred overhead would be the added layer and additional call. For types
involved in the RPC calling request and response, we still need convert back
and forth between normal Java types and protocol buffer types for convenience,
like even in HBase, because sometimes protocol buffer types would look
intrusive to pass down and use. Sorry if I misunderstood your point.
While it may be desirable sometimes to translate protobuf types into something
else, there are many more times when it's simpler and less error-prone just to
use the types directly. The translation code is very verbose, which makes it
inconvenient to add or change anything, and has been a source of bugs in the
past when someone forgets to manually copy a field.
> Deprecate and remove WriteableRPCEngine
> ---------------------------------------
>
> Key: HADOOP-12579
> URL: https://issues.apache.org/jira/browse/HADOOP-12579
> Project: Hadoop Common
> Issue Type: Improvement
> Reporter: Haohui Mai
>
> The {{WriteableRPCEninge}} depends on Java's serialization mechanisms for RPC
> requests. Without proper checks, it has be shown that it can lead to security
> vulnerabilities such as remote code execution (e.g., COLLECTIONS-580,
> HADOOP-12577).
> The current implementation has migrated from {{WriteableRPCEngine}} to
> {{ProtobufRPCEngine}} now. This jira proposes to deprecate
> {{WriteableRPCEngine}} in branch-2 and to remove it in trunk.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
