Joseph Witt created NIFI-3662:
---------------------------------
Summary: Components which allow users to alter the classpath at
runtime should be 'restricted'
Key: NIFI-3662
URL: https://issues.apache.org/jira/browse/NIFI-3662
Project: Apache NiFi
Issue Type: Improvement
Components: Core Framework
Reporter: Joseph Witt
Priority: Critical
A lot of great work has gone into making it easy to run multiple versions of
the same component in parallel with isolated classloaders and to restructure
classloaders on the fly as needed to deal with certain libraries that do evil
things with statics and to enable users to add jars/code to the classpath of
their components at runtime as needed. For example, the HDFS processors can
now be extended to support protocols like WASB.
These things are all really valuable.
We also recently introduced the concept of restricted components to ensure that
special authorization is required for users to be able to use certain
processors which could easily be used to access portions of the system or
execute arbitrary code.
We should update the framework to detect components/extensions that allow
runtime classpath manipulation and automatically mark them as restricted
regardless of whether the developer did so. And we should update the
restricted components docs to articulate this.
By being able to alter the classpath at runtime this is just as justified as
the other reasons we had previously noted for marking a component 'restricted'.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
