You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@geode.apache.org by "Dan Smith (JIRA)" <ji...@apache.org> on 2016/10/04 20:58:20 UTC

[jira] [Commented] (GEODE-1960) Provide protection against malicious developer jars deployed as functions

    [ https://issues.apache.org/jira/browse/GEODE-1960?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15546643#comment-15546643 ] 

Dan Smith commented on GEODE-1960:
----------------------------------

In order for a function to be executed, it has to be added to the classpath of the server by an administrator; geode does not support distributed classloading from clients or anything like that. Is that the sort of protection you are looking for, or are you talking about protecting users from themselves by not allowing them to make certain system calls?

> Provide protection against malicious developer jars deployed as functions
> -------------------------------------------------------------------------
>
>                 Key: GEODE-1960
>                 URL: https://issues.apache.org/jira/browse/GEODE-1960
>             Project: Geode
>          Issue Type: Improvement
>          Components: functions, security
>            Reporter: Diane Hardman
>            Priority: Minor
>
> Provide protection for functions that might contain malicious calls like System.exit().



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)