[TubeMQ] Adjust FATAL type error return content, without carrying class name #9613
Open
2 tasks done
Assignees
Labels
Comments
|
This issue is stale because it has been open for 60 days with no activity. |
github-actions
bot
added
the
stage/stale
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Description
There is indeed a problem [1] with this RPC interaction agreement: the server-side transparently transmits the exception class to the caller. In any case, the callee should return a clear error to the caller. If an unknown exception is encountered, the detailed information should be retained locally, rather than being transparently transmitted to the calling layer.
In the case where the accessed party is a malicious node injecting exceptions, there is a risk of introduction based on the aforementioned issue. This risk exists, but it is not urgent
core/src/main/java/org/apache/inlong/tubemq/corerpc/netty/NettyClient.java#L349
InLong Component
InLong TubeMQ
Are you willing to submit PR?
Code of Conduct
The text was updated successfully, but these errors were encountered: