api: Explain security constraints of ATTR_AUTHORITY_OVERRIDE

Half of the text was copied from NameResolver.getServiceAuthority().
However, that method can't perform I/O (which would block) so more text
was appropriate here to mention the implications of having a remote
service provide the authority.

I noticed the text was lacking while discussing #9266.
Eric Anderson 2022-06-22 13:16:42 -07:00 committed by GitHub
parent 8996702715
commit 69abec5a28
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed file with 5 additions and 0 deletions


@ -40,6 +40,11 @@ public final class EquivalentAddressGroup {
* However, if the channel has overridden authority via
* {@link ManagedChannelBuilder#overrideAuthority(String)}, the transport will use the channel's
* authority override.
*
* <p>The authority <strong>must</strong> be from a trusted source, because if the authority is
* tampered with, RPCs may be sent to attackers which may leak sensitive user data. If the
* authority was acquired by doing I/O, the communication must be authenticated (e.g., via TLS).
* Recognize that the server that provided the authority can trivially impersonate the service.
*/
@Attr
@ExperimentalApi("https://github.com/grpc/grpc-java/issues/6138")
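Review bot: the middle sentence of the new paragraph, "If the authority was acquired by doing I/O, the communication must be authenticated (e.g., via TLS)", states a necessary but not sufficient condition, and it sits between two sentences that make the stronger point (the source must be trusted, and whoever supplies the authority can impersonate the service). Authenticating the connection only tells the client who it is talking to; the client must also have decided in advance that this particular party is allowed to choose the authority, otherwise an authenticated but untrusted peer can still redirect RPCs exactly as the first sentence warns. Suggest tightening it to something like: "If the authority was acquired by doing I/O, the communication must be authenticated (e.g., via TLS) and the authenticated peer must itself be trusted to choose the authority." It would also help readers to say in one clause why tampering matters, since the surrounding context only notes that "the transport will use the channel's authority override" without explaining what the transport does with it.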