You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@brpc.apache.org by GitBox <gi...@apache.org> on 2019/04/26 09:46:17 UTC
[GitHub] [incubator-brpc] cdjingit opened a new issue #747: BuiltinService不支持安全认证,可能导致一些支持热加载的gflag配置项被无端篡改
cdjingit opened a new issue #747: BuiltinService不支持安全认证,可能导致一些支持热加载的gflag配置项被无端篡改
URL: https://github.com/apache/incubator-brpc/issues/747
**Describe the bug (描述bug)**
通过访问内置http服务,gflag配置项有可能被修改,导致服务非预期的行为。
```
if (mp != NULL &&
mp->is_builtin_service &&
mp->service->GetDescriptor() != BadMethodService::descriptor()) {
// BuiltinService doesn't need authentication
// TODO: Fix backdoor that sends BuiltinService at first
// and then sends other requests without authentication
return true;
}
```
[https://github.com/apache/incubator-brpc/blob/master/src/brpc/policy/http_rpc_protocol.cpp#L1173](url)
**Expected behavior (期望行为)**
支持http认证
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@brpc.apache.org
For additional commands, e-mail: dev-help@brpc.apache.org