I'm ok if it does not break the idea to restrict execution for the signed
code only.

On Wed, Apr 4, 2018 at 1:05 PM, Ilya Kasnacheev <ilya.kasnach...@gmail.com>
wrote:

> Hello!
>
> > checksum of uploaded java code
>
> I argue not for Java code but for javascript/nashorn. Ruby or PHP guys
> won't be happy about writing java, but they can easily do JS.
>
> (If we wanted Java, we could make it service grid-oriented. Which is an
> interesting idea btw. We can frame local computations as service methods,
> let thin clients invoke them. No code sending necessary in this case.)
>
> Otherwise your suggestions look reasonable. The only thing I'll add, let's
> make it a configuration field and not IGNITE_ define for usability.
>
> Regards,
>
> --
> Ilya Kasnacheev
>
> 2018-04-04 12:55 GMT+03:00 Sergey Kozlov <skoz...@gridgain.com>:
>
> > Hi
> >
> > We can introduce the rules to use compute tasks execution:
> >  1. Disable by default that feature (enabling will require changing a
> > configuration property and restarting the cluster)
> >  2. Disable by default code sending in the cluster (enabling will require
> > changing a configuration property and restarting the cluster)
> >  3. White list of allowed compute tasks: we can collect sha256 checksums
> > for codes and allow to execute a task only if checksum of uploaded java
> > code is listed in the white list.
> >
> > On Wed, Apr 4, 2018 at 11:26 AM, Dmitriy Setrakyan <dsetrak...@apache.org>
> > wrote:
> >
> > > On Tue, Apr 3, 2018 at 5:48 PM, Valentin Kulichenko <
> > > valentin.kuliche...@gmail.com> wrote:
> > >
> > > > Dmitry,
> > > >
> > > > I just think that it's natural to have this functionality and that it
> > > > would drastically increase flexibility of thin client. Multiple requests
> > > > from users (one of them in this thread) seem to confirm this. At the same
> > > > time, I don't see much technical challenge here (like with near caches or
> > > > continuous queries for example), and therefore don't see why we should
> > > > be against this feature.
> > > >
> > > > Can you please elaborate on security risks? What exactly do you have in
> > > > mind?
> > > >
> > >
> > > Val, my main concern was that users would use the thin client to connect
> > > to a remote cluster, hosted elsewhere, and could run some malicious code.
> > > But you are right, it can probably be solved by other means, like a
> > > firewall for example. No objections on adding the compute API to thin
> > > clients from me.
> > >
> >
> >
> >
> > --
> > Sergey Kozlov
> > GridGain Systems
> > www.gridgain.com
> >
>



-- 
Sergey Kozlov
GridGain Systems
www.gridgain.com
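
Added example (not part of the thread, and not Ignite code): a sketch of rules 1 and 3 from the quoted proposal, with compute execution off by default and a SHA-256 allow-list checked against the exact uploaded bytes. The class `ComputeTaskGate`, its fields and the sample task bodies are hypothetical; `HexFormat` assumes Java 17 or later.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.HexFormat;
import java.util.Set;

/** Hypothetical gate, not an Ignite class: deny by default, then SHA-256 allow-list. */
public class ComputeTaskGate {
    private final boolean computeEnabled;    // rule 1: off unless the config turns it on
    private final Set<String> allowedSha256; // rule 3: lowercase hex digests of reviewed code

    public ComputeTaskGate(boolean computeEnabled, Set<String> allowedSha256) {
        this.computeEnabled = computeEnabled;
        this.allowedSha256 = Set.copyOf(allowedSha256); // immutable after startup
    }

    static String sha256Hex(byte[] code) {
        try {
            byte[] digest = MessageDigest.getInstance("SHA-256").digest(code);
            return HexFormat.of().formatHex(digest);
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException(e); // every Java platform must provide SHA-256
        }
    }

    /** True only when the feature is enabled and these exact bytes are allow-listed. */
    public boolean mayExecute(byte[] uploadedCode) {
        return computeEnabled && allowedSha256.contains(sha256Hex(uploadedCode));
    }

    public static void main(String[] args) {
        // Constructed sample task bodies; they differ by a single space.
        byte[] reviewed = "function run(c) { return c.size(); }".getBytes(StandardCharsets.UTF_8);
        byte[] modified = "function run(c) { return c.size();  }".getBytes(StandardCharsets.UTF_8);
        Set<String> allowList = Set.of(sha256Hex(reviewed));

        ComputeTaskGate defaults = new ComputeTaskGate(false, allowList);
        ComputeTaskGate enabled = new ComputeTaskGate(true, allowList);

        System.out.println("disabled + reviewed: " + defaults.mayExecute(reviewed));
        System.out.println("enabled  + reviewed: " + enabled.mayExecute(reviewed));
        System.out.println("enabled  + modified: " + enabled.mayExecute(modified));
    }
}
```

Because the digest covers raw bytes, any change to a task, including whitespace, needs a new allow-list entry, and the check has to run on the server against the bytes it actually received rather than on a digest supplied by the client.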
