[jira] [Work logged] (BEAM-9564) Remove insecure ssl options from MongoDBIO

Mon, 23 Mar 2020 02:42:46 -0700 


     [ 
https://issues.apache.org/jira/browse/BEAM-9564?focusedWorklogId=407800&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-407800
 ]

ASF GitHub Bot logged work on BEAM-9564:
----------------------------------------

                Author: ASF GitHub Bot
            Created on: 23/Mar/20 09:41
            Start Date: 23/Mar/20 09:41
    Worklog Time Spent: 10m 
      Work Description: iemejia commented on issue #11186: [BEAM-9564] Remove 
insecure ssl options from MongoDBIO
URL: https://github.com/apache/beam/pull/11186#issuecomment-602486274
 
 
   They will once we allow them to provide their own MongoClient via a 
provider. Filled [BEAM-9571](https://issues.apache.org/jira/browse/BEAM-9571) 
for this. This PR is about avoiding at the Beam side to suggest them to shoot 
in their feet. Up to them if they want to explicitly do :)
   I can inverse the order of the PRs if you prefer. Providing first the valid 
replacement alternative (BEAM-9571) and then the removal of the method, we can 
even deprecate it and be more 'user friendly' if you prefer. (I wanted to go 
ahead faster because this is a potential security issue for users). WDYT?
   
 
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
[email protected]


Issue Time Tracking
-------------------

    Worklog Id:     (was: 407800)
    Time Spent: 1h  (was: 50m)

> Remove insecure ssl options from MongoDBIO
> ------------------------------------------
>
>                 Key: BEAM-9564
>                 URL: https://issues.apache.org/jira/browse/BEAM-9564
>             Project: Beam
>          Issue Type: Improvement
>          Components: io-java-mongodb
>    Affects Versions: 2.21.0
>            Reporter: Ismaël Mejía
>            Assignee: Ismaël Mejía
>            Priority: Critical
>              Labels: backward-incompatible
>          Time Spent: 1h
>  Remaining Estimate: 0h
>
> The option MongoDBIO.withIgnoreSSLCertificate  and 
> withSSLInvalidHostNameAllowedslInvalidHostNameAllowed() are insecure by 
> design. We should not encourage users to be able to use them so better to 
> remove these options.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Reply via email to