Bifrost icon indicating copy to clipboard operation
Bifrost copied to clipboard

Published 20 hours ago verified publisher icon dolittle

Don't include command security proxies in Bifrost/Application. #759

Open bnordli opened this issue 8 years ago • 3 comments

Some code cleanup, including consistent ordering on generated proxies.

Original issue: ProCoSys/Bifrost#45

(To get CommandSecurityProxies, reference Bifrost/Security instead of Bifrost/Application.)

This change is Reviewable

bnordli avatar Jan 19 '17 06:01 bnordli

The easiest thing and actually would avoid this being a breaking change is to make it configurable for now. Typically in the WebConfiguration there could be a flag saying something like IncludeCommandSecurityProxies - default set to true, making it a non breaking change and we could just pull it in directly

einari avatar Feb 25 '17 00:02 einari

But why would anyone want to keep this security problematic behavior? I can accept making it configurable via a flag, but then I would very much like to throw an exception on start-up if this flag is not set, pointing clients to an explanation why this flag must be set in order to avoid security breaches.

bnordli avatar Feb 26 '17 19:02 bnordli

Never mind.. I misunderstood what this was about. Agree - the way things are today, its pretty useless. Added an issue for what I think should do the trick in the long term (#785). Don't do anything with this - I'll merge it in at the the right time.

einari avatar Feb 26 '17 21:02 einari