You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@apex.apache.org by Sandesh Hegde <sa...@datatorrent.com> on 2015/11/19 00:33:30 UTC

Apex-119 Security consideration

Hi Team,

As a part of the distributed operator, we are enabling messaging between
partitions. For messaging, we are planning to run NetLet server for sending
& receiving messages. So it will open ports to accept the messages. With
this design data can be sent\read from outside to the operator. So any
thoughts on this? Should we explore the fix now or later?

Thanks
Sandesh

Re: Apex-119 Security consideration

Posted by "York, Brennon" <Br...@capitalone.com>.

Since it looks like, if I’m not mistaken, that the NetLet server is a custom DT implementation it won’t be easy to bake in SSL capability *if we wanted*. That said I would vote to punt on the security for now (I know, terrible idea) and state within APEX-119 that, for the JIRA to be complete, it must also have corresponding documentation merged to accurately describe the security hole. If it becomes a big deal for the community we can always go back and explore options at a later date.

My 2c.

> On Nov 18, 2015, at 3:33 PM, Sandesh Hegde <sa...@datatorrent.com> wrote:
> 
> Hi Team,
> 
> As a part of the distributed operator, we are enabling messaging between
> partitions. For messaging, we are planning to run NetLet server for sending
> & receiving messages. So it will open ports to accept the messages. With
> this design data can be sent\read from outside to the operator. So any
> thoughts on this? Should we explore the fix now or later?
> 
> Thanks
> Sandesh

________________________________________________________

The information contained in this e-mail is confidential and/or proprietary to Capital One and/or its affiliates and may only be used solely in performance of work or services for Capital One. The information transmitted herewith is intended only for use by the individual or entity to which it is addressed. If the reader of this message is not the intended recipient, you are hereby notified that any review, retransmission, dissemination, distribution, copying or other use of, or taking of any action in reliance upon this information is strictly prohibited. If you have received this communication in error, please contact the sender and delete the material from your computer.