Open sgloutnikov opened 7 months ago
FYI @argerus
As I understand it, this would come in handy for GRPC tools supporting reflection such as https://github.com/fullstorydev/grpcurl or https://github.com/IBM/gWhisper , but it assume it would also increase attack surface.
Not in the sense that somebody can figure out our 'secret' API (that is open here anyway), but but by exposing more functionality than is necessary for normal operations, so if we put support in, it seems prudent to hide it behind an optional flag?
Yes, agreed on the unnecessary toggle if reflection is enabled. In addition, there also shouldn't be any performance implications for enabling it. My use case for reflection is not having to distribute and compile the .proto
files in a custom client.
From what I have gathered gRPC Server Reflection is not enabled on the
KUKSA Databroker
and is on theKUKSA Server
. Someone please correct me if this is not the case.I would like to start a discussion regarding enabling it also on the Databroker, with either a toggle flag or permanently. I am also new to Rust and don't know when the tonic based gRPC reflection implementation was added, but it is now available.