[
https://issues.apache.org/jira/browse/MESOS-2620?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14504868#comment-14504868
]
Alexander Rojas edited comment on MESOS-2620 at 6/2/15 12:50 PM:
-----------------------------------------------------------------
https://reviews.apache.org/r/33295/ - Adds firewall mechanism in libprocess.
https://reviews.apache.org/r/33296/ - Adds flag on master and slave which
initializes firewall.
was (Author: arojas):
https://reviews.apache.org/r/33295/
https://reviews.apache.org/r/33296/
> Implement a mechanism which allows access control of endpoints
> --------------------------------------------------------------
>
> Key: MESOS-2620
> URL: https://issues.apache.org/jira/browse/MESOS-2620
> Project: Mesos
> Issue Type: Improvement
> Components: libprocess, master, slave
> Affects Versions: 0.21.1
> Reporter: Alexander Rojas
> Assignee: Alexander Rojas
> Labels: mesosphere, security
>
> h2. Rationale
> As is currently implemented, libprocess processes are able to provide HTTP
> endpoints to serve some client's requests. Any security requirement are left
> to the actual endpoint handler to be implemented. Moreover, some common
> security checks (e.g., requiring the connection to be perform over a secure
> channel or controlling the source of the connection) cannot be performed at
> all since this attributes are not made available to the endpoint's handlers.
> h2. Goal
> Implement a mechanism which allows users of libprocess to install _firewall_
> like rules which can be easily applied to any incoming connection, decoupling
> the endpoint's handler from the security layer.
> Provide at least one rule which allows the selective disabling of endpoints.
> This also requires mesos users to be able to manipulate such rules.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
