Posted to dev@ratis.apache.org by William Song <sz...@163.com> on 2022/07/27 09:06:53 UTC

potential risk on GrpcService

Hi,

Currently NettyServerBuilder uses 0.0.0.0 as service address upon starting, see [1]. Listening on 0.0.0.0 is potentially a bad practice, since anything else on the same network can interact with it. Is it possible to make this address a configuration entry so that the administrator can have control over the address?

Regards,
William

[1]. https://github.com/apache/ratis/blob/d3a0f9491f17462555c8fe522cbdc2ea4c88ef3b/ratis-grpc/src/main/java/org/apache/ratis/grpc/server/GrpcService.java#L219

Re: potential risk on GrpcService

Posted by Tsz Wo Sze <sz...@gmail.com>.
Hi William,

Sure, we should make it configurable.  Recently, we changed Netty; see
https://issues.apache.org/jira/browse/RATIS-1615 .  We should make a
similar change to gRPC.

Tsz-Wo

On Wed, Jul 27, 2022 at 2:07 AM William Song <sz...@163.com> wrote:

> Hi,
>
> Currently NettyServerBuilder uses 0.0.0.0 as service address upon
> starting, see [1]. Listening on 0.0.0.0 is potentially a bad practice, since
> anything else on the same network can interact with it. Is it possible to
> make this address a configuration entry so that the administrator can have
> control over the address?
>
> Regards,
> William
>
> [1].
> https://github.com/apache/ratis/blob/d3a0f9491f17462555c8fe522cbdc2ea4c88ef3b/ratis-grpc/src/main/java/org/apache/ratis/grpc/server/GrpcService.java#L219
>
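
An added example, not part of the thread and not Ratis code: one way a gRPC server's listen address can be taken from configuration instead of defaulting to the 0.0.0.0 wildcard. The property name `example.grpc.server.host`, the class name and the helper names are hypothetical; the example uses the unshaded `io.grpc.netty` package and assumes grpc-netty is on the classpath.

```java
import io.grpc.Server;
import io.grpc.netty.NettyServerBuilder;
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.net.UnknownHostException;

public final class BindAddressExample {
  // Hypothetical property name, not a real Ratis configuration key.
  static final String HOST_KEY = "example.grpc.server.host";

  /** Resolve the configured host; null or blank keeps the all-interfaces behaviour. */
  static InetSocketAddress resolve(String host, int port) throws UnknownHostException {
    if (host == null || host.trim().isEmpty()) {
      return new InetSocketAddress(port); // wildcard address (0.0.0.0 / ::)
    }
    // Fails fast on a host name that does not resolve instead of silently
    // falling back to the wildcard.
    InetAddress addr = InetAddress.getByName(host.trim());
    return new InetSocketAddress(addr, port);
  }

  /** Build a server builder bound to the configured address, warning on wildcard binds. */
  static NettyServerBuilder builder(String host, int port) throws UnknownHostException {
    InetSocketAddress bind = resolve(host, port);
    if (bind.getAddress().isAnyLocalAddress()) {
      System.err.println("warning: gRPC server listening on all interfaces, port " + port);
    }
    // forAddress(SocketAddress) binds to one address; forPort(int) binds to the wildcard.
    return NettyServerBuilder.forAddress(bind);
  }

  public static void main(String[] args) throws Exception {
    // Constructed sample value: default to loopback when the property is unset.
    String host = System.getProperty(HOST_KEY, "127.0.0.1");
    // Port 0 asks the OS for a free port; no services are registered in this sketch.
    Server server = builder(host, 0).build().start();
    System.out.println("listening on " + host + ":" + server.getPort());
    server.shutdownNow();
  }
}
```

On the host, `ss -ltn` (Linux) shows whether the listener is bound to the configured address or to `0.0.0.0` / `[::]`.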