[jira] [Commented] (STORM-876) Dist Cache: Basic Functionality

Tue, 03 Nov 2015 08:29:04 -0800 

    [ 
https://issues.apache.org/jira/browse/STORM-876?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14987557#comment-14987557
 ] 

ASF GitHub Bot commented on STORM-876:
--------------------------------------

Github user revans2 commented on a diff in the pull request:

    https://github.com/apache/storm/pull/845#discussion_r43770063
  
    --- Diff: storm-core/src/clj/backtype/storm/cluster.clj ---
    @@ -248,9 +256,9 @@
       [id]
       (str ASSIGNMENTS-SUBTREE "/" id))
     
    -(defn code-distributor-path
    -  [id]
    -  (str CODE-DISTRIBUTOR-SUBTREE "/" id))
    +(defn blobstore-path
    +  [key]
    +  (str BLOBSTORE-SUBTREE "/" key))
    --- End diff --
    
    This makes me a bit nervous, as key is a user provided value, and if we put 
in a `..` or a `/` or something else malicious it could cause a security issue. 
 Are we checking elsewhere to prevent the key from having potentially harmful 
characters in it?


> Dist Cache: Basic Functionality
> -------------------------------
>
>                 Key: STORM-876
>                 URL: https://issues.apache.org/jira/browse/STORM-876
>             Project: Apache Storm
>          Issue Type: Improvement
>          Components: storm-core
>            Reporter: Robert Joseph Evans
>            Assignee: Robert Joseph Evans
>         Attachments: DISTCACHE.md, DistributedCacheDesignDocument.pdf
>
>
> Basic functionality for the Dist Cache feature.
> As part of this a new API should be added to support uploading and 
> downloading dist cache items.  storm-core.ser, storm-conf.ser and storm.jar 
> should be written into the blob store instead of residing locally. We need a 
> default implementation of the blob store that does essentially what nimbus 
> currently does and does not need anything extra.  But having an HDFS backend 
> too would be great for scalability and HA.
> The supervisor should provide a way to download and manage these blobs and 
> provide a working directory for the worker process with symlinks to the 
> blobs.  It should also allow the blobs to be updated and switch the symlink 
> atomically to point to the new blob once it is downloaded.
> All of this is already done by code internal to Yahoo! we are in the process 
> of getting it ready to push back to open source shortly.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to