Dan Burkert has posted comments on this change.

Change subject: rpc: add basic service and method-level authorization

Patch Set 2:

(1 comment)

http://gerrit.cloudera.org:8080/#/c/4897/1/src/kudu/rpc/service_if.cc
File src/kudu/rpc/service_if.cc:

Line 117: // Fall out of the 'if' statement to the normal path.
> hrm, I can see an argument either way. I think my thinking here is that, if

So what's the decision here? FWIW I still think we should check authz up front, anything else risks security vulnerabilities. As just one example, consider whether not delaying authz checks introduces timing attacks. If no, is that property resistant to future refactors?

--
To view, visit http://gerrit.cloudera.org:8080/4897

Gerrit-MessageType: comment
Gerrit-Change-Id: Ia9206f5f89391d8bccfa30952d2b252900ab6566
Gerrit-PatchSet: 2
Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-Owner: Todd Lipcon <[email protected]>
Gerrit-Reviewer: Alexey Serbin <[email protected]>
Gerrit-Reviewer: Dan Burkert <[email protected]>
Gerrit-Reviewer: Kudu Jenkins
Gerrit-Reviewer: Tidy Bot
Gerrit-Reviewer: Todd Lipcon <[email protected]>
Gerrit-HasComments: Yes
