Hi Weike,

would it be good enough if the user did not include unsafe ranges when specifying `rest.bind-port`? My concern with excluding unsafe ports is that it adds some invisible magic which can be hard to understand for the user. I think over the past couple of years it has been proven that auto magic often leads to hard-to-understand features.

Cheers,
Till

On Sat, May 23, 2020 at 7:46 AM DONG, Weike <kyled...@connect.hku.hk> wrote:

> Hi dev,
>
> Recently we have found that when the `rest.bind-port` parameter is specified as a port range (i.e. "5000-8000"), Flink may bind to some port (like 6000) that is not allowed by Chrome (showing an "ERR_UNSAFE_PORT" message and preventing users from continuing to access the website); similarly, Firefox blocks these unsafe ports as well [1].
>
> When I dug further into this issue, I came to believe that this restriction is reasonable [2], as Flink may accidentally bind to some port that is generally considered to be used by other services, posing security risks and causing potential confusion for the network administrator.
>
> Here I propose that when Flink tries to do port selection in `NetUtils.getPortRangeFromString`, we return an iterator that explicitly skips those unsafe ports, so that those unsafe ports would not be used unless users explicitly specify one in the `rest.port` parameter.
>
> I would like to solicit opinions from the community on this matter, thanks :)
>
> Sincerely,
> Weike
>
> [1] https://www-archive.mozilla.org/projects/netlib/portbanning#portlist
> [2] https://superuser.com/questions/188058/which-ports-are-considered-unsafe-by-chrome
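
Both options discussed in this thread, as an added Java example that is not part of the thread or of Flink's code: `safePorts` is a hypothetical iterator that skips browser-blocked ports as proposed, and `explicitSpec` spells out the safe sub-ranges so that nothing is skipped invisibly. The `BLOCKED` set is a constructed, partial list, and that `rest.bind-port` accepts a comma-separated list of ranges is an assumption.

```java
import java.util.*;

public class SafePortRange {
    // Constructed, partial list: ports between 5000 and 8000 commonly refused by
    // Chrome and Firefox. Check the browsers' own lists before relying on it.
    static final Set<Integer> BLOCKED =
            Set.of(5060, 5061, 6000, 6566, 6665, 6666, 6667, 6668, 6669, 6697);
    // Parses "start-end" (inclusive), the form used in the thread.
    static int[] parse(String range) {
        String[] p = range.trim().split("-");
        if (p.length != 2) throw new IllegalArgumentException("expected start-end: " + range);
        int start = Integer.parseInt(p[0].trim()), end = Integer.parseInt(p[1].trim());
        if (start < 0 || end > 65535 || start > end)
            throw new IllegalArgumentException("invalid port range: " + range);
        return new int[] {start, end};
    }
    // The proposal: a lazy iterator that silently skips blocked ports.
    static Iterator<Integer> safePorts(String range) {
        int[] b = parse(range);
        return new Iterator<Integer>() {
            private int cur = skip(b[0]);
            private int skip(int p) { while (p <= b[1] && BLOCKED.contains(p)) p++; return p; }
            @Override public boolean hasNext() { return cur <= b[1]; }
            @Override public Integer next() {
                if (!hasNext()) throw new NoSuchElementException();
                int p = cur;
                cur = skip(p + 1);
                return p;
            }
        };
    }
    // The alternative from the reply: an explicit spec the user can read and
    // paste into the config (assumes comma-separated ranges are accepted).
    static String explicitSpec(String range) {
        int[] b = parse(range);
        List<String> parts = new ArrayList<>();
        for (int p = b[0]; p <= b[1]; p++) {
            if (BLOCKED.contains(p)) continue;
            int lo = p; // start of a run of allowed ports
            while (p + 1 <= b[1] && !BLOCKED.contains(p + 1)) p++;
            parts.add(lo == p ? String.valueOf(lo) : lo + "-" + p);
        }
        return String.join(",", parts);
    }

    public static void main(String[] args) {
        for (Iterator<Integer> it = safePorts("5999-6001"); it.hasNext();) System.out.println(it.next());
        System.out.println(explicitSpec("5000-8000"));
    }
}
```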