[ https://issues.apache.org/jira/browse/HADOOP-12579?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15105019#comment-15105019 ]

Kai Zheng commented on HADOOP-12579:
------------------------------------

While working on this, getting rid of the engine completely, I found the 
{{RPC#waitForProxy}} method family may also be deprecated, considering:
* We probably never need to wait, given the currently available engines. The 
proxy can be created and returned on demand shortly. No network connection is 
incurred. 
* In the real implementation code of waitForProtocolProxy, it uses a while 
loop to try and try until a passed timeout value is consumed. I guess the logic 
and code were from the early days of the project? Because no connection is made 
during proxy creation and initialization. The real network connection is only 
made when the invoker is invoked and an RPC call is called.
* Most places call {{RPC#getProxy}} already.
* Not sure about removing these, considering code outside of Hadoop might call 
them. But deprecating them should be fine, along with changing the 
implementation to remove the while loop and timeout stuff.

Please help confirm; if it sounds good I'll handle it here or separately. Thanks.

> Deprecate and remove WriteableRPCEngine
> ---------------------------------------
>
>                 Key: HADOOP-12579
>                 URL: https://issues.apache.org/jira/browse/HADOOP-12579
>             Project: Hadoop Common
>          Issue Type: Improvement
>            Reporter: Haohui Mai
>         Attachments: HADOOP-12579-v1.patch
>
>
> The {{WriteableRPCEngine}} depends on Java's serialization mechanisms for RPC 
> requests. Without proper checks, it has been shown that it can lead to security 
> vulnerabilities such as remote code execution (e.g., COLLECTIONS-580, 
> HADOOP-12577).
> The current implementation has migrated from {{WriteableRPCEngine}} to 
> {{ProtobufRPCEngine}} now. This jira proposes to deprecate 
> {{WriteableRPCEngine}} in branch-2 and to remove it in trunk.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
