You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
There is indeed a problem [1] with this RPC interaction agreement: the server-side transparently transmits the exception class to the caller. In any case, the callee should return a clear error to the caller. If an unknown exception is encountered, the detailed information should be retained locally, rather than being transparently transmitted to the calling layer.
In the case where the accessed party is a malicious node injecting exceptions, there is a risk of introduction based on the aforementioned issue. This risk exists, but it is not urgent
Description
There is indeed a problem [1] with this RPC interaction agreement: the server-side transparently transmits the exception class to the caller. In any case, the callee should return a clear error to the caller. If an unknown exception is encountered, the detailed information should be retained locally, rather than being transparently transmitted to the calling layer.
In the case where the accessed party is a malicious node injecting exceptions, there is a risk of introduction based on the aforementioned issue. This risk exists, but it is not urgent
core/src/main/java/org/apache/inlong/tubemq/corerpc/netty/NettyClient.java#L349
InLong Component
InLong TubeMQ
Are you willing to submit PR?
Code of Conduct
The text was updated successfully, but these errors were encountered: