[
https://issues.apache.org/jira/browse/TINKERPOP-1843?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
stephen mallette closed TINKERPOP-1843.
---------------------------------------
Resolution: Won't Do
> Provide method to disable scripting in Gremlin Server
> -----------------------------------------------------
>
> Key: TINKERPOP-1843
> URL: https://issues.apache.org/jira/browse/TINKERPOP-1843
> Project: TinkerPop
> Issue Type: Improvement
> Components: server
> Affects Versions: 3.2.6
> Reporter: stephen mallette
> Priority: Major
>
> Allowing the processing of remote scripts in Gremlin Server has important
> security issues that should be considered when deploying it. While we have
> documentation that explains the issue of "scripts" we could also consider the
> ability for Gremlin Server to be configured in a fashion where it only
> allowed bytecode based processing. Obviously, this approach has some
> drawbacks as the Gremlin Console would no longer work with this configuration
> turned on (users would have to user remote traversals/bytecode from the
> console to connect to their graph).
> Eventually, we could probably have Gremlin Server running in this fashion by
> default/out-of-the-box, but we'd have to reserve that approach for when a
> breaking change was allowed in versioning (at this point 3.4.x).
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
