[ https://issues.apache.org/jira/browse/KUDU-1875?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15864912#comment-15864912 ]
Todd Lipcon commented on KUDU-1875:
-----------------------------------
Got it. I think when it rejects the connection attempts, the client on the
other side should get a nice actionable error message so that a user who is
surprised by this behavior (backward-incompatible) could easily find the flag
to flip. (e.g., maybe they're on public IPs but well firewalled)

> Refuse unauthenticated connections from publicly routable IP addrs
> ------------------------------------------------------------------
>
> Key: KUDU-1875
> URL: https://issues.apache.org/jira/browse/KUDU-1875
> Project: Kudu
> Issue Type: Improvement
> Components: rpc, security
> Affects Versions: 1.2.0
> Reporter: Dan Burkert
>
> Kudu should by default not accept unauthenticated connections from publicly
> routable IPs, even if authentication and encryption are not configured. An
> unsafe flag should be provided to enable unauthenticated connections from
> publicly routable IPs, with appropriately scary verbiage and a link to
> https://krebsonsecurity.com/2017/01/extortionists-wipe-thousands-of-databases-victims-who-pay-up-get-stiffed/.
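
The admission check discussed in this thread, sketched as an added example (not Kudu's code and not part of the original message): an unauthenticated peer is accepted only from a non-routable address, and a rejection carries an error that names the flag to flip. The flag name, the `Decision` type, the function names and the choice of address ranges are assumptions made for illustration; IPv6 is not handled and is rejected.

```cpp
#include <arpa/inet.h>
#include <cstdint>
#include <string>

// Hypothetical flag name; the issue only says "an unsafe flag should be provided".
static const char kUnsafeFlag[] = "--unsafe_allow_unauthenticated_public_peers";

struct Decision {
  bool accept;
  std::string error;  // empty when the connection is accepted
};

// True for loopback, RFC 1918 private and link-local IPv4 addresses.
// Assumption: these ranges stand in for "not publicly routable".
bool IsNonRoutableV4(uint32_t host_order) {
  struct Range { uint32_t net; uint32_t mask; };
  static const Range kRanges[] = {
    {0x7F000000u, 0xFF000000u},  // 127.0.0.0/8
    {0x0A000000u, 0xFF000000u},  // 10.0.0.0/8
    {0xAC100000u, 0xFFF00000u},  // 172.16.0.0/12
    {0xC0A80000u, 0xFFFF0000u},  // 192.168.0.0/16
    {0xA9FE0000u, 0xFFFF0000u},  // 169.254.0.0/16
  };
  for (const Range& r : kRanges) {
    if ((host_order & r.mask) == r.net) return true;
  }
  return false;
}

// Decide whether to admit a peer, given its address and negotiation outcome.
Decision CheckPeer(const std::string& peer_ip, bool authenticated,
                   bool unsafe_flag_set) {
  if (authenticated || unsafe_flag_set) return {true, ""};
  in_addr addr;
  if (inet_pton(AF_INET, peer_ip.c_str(), &addr) != 1) {
    // Fail closed on anything that does not parse as IPv4.
    return {false, "unauthenticated connection from " + peer_ip + " rejected"};
  }
  if (IsNonRoutableV4(ntohl(addr.s_addr))) return {true, ""};
  return {false, "unauthenticated connection from publicly routable address " +
                 peer_ip + " rejected; configure authentication, or set " +
                 kUnsafeFlag + " on the server if the network is firewalled"};
}
```

Returning the message to the client, rather than only logging it on the server, is what makes the rejection actionable for the surprised user described in the comment.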