[ 
https://issues.apache.org/jira/browse/THRIFT-1310?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15523824#comment-15523824
 ] 

James E. King, III commented on THRIFT-1310:
--------------------------------------------

It sounds like the issue is in the server side.  If a client can disconnect, 
reconnect, and get a response from a previous connection that is a major 
security issue, because then any other client that connects (not necessarily 
the one that "re"connects) could get data that doesn't belong to it.  This 
should not be checked on the client with seqId matching... this is a 
server-side defect and a high priority, security issue.

> Generate PHP client code not check sequence ID in messages
> ----------------------------------------------------------
>
>                 Key: THRIFT-1310
>                 URL: https://issues.apache.org/jira/browse/THRIFT-1310
>             Project: Thrift
>          Issue Type: Bug
>          Components: PHP - Library
>    Affects Versions: 0.7
>            Reporter: Fang Jian
>              Labels: security-issue
>         Attachments: t_php_generator.patch
>
>
> The PHP client code does not check the sequence ID in messages; when the 
> client connection times out, the results are returned out of sequence. I 
> tried to fix this by throwing an exception when the sequence IDs are not 
> equal. The patch file is listed below.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
