> On May 9, 2016, 11:12 a.m., Alexander Rojas wrote: > > docs/authorization.md, lines 90-101 > > <https://reviews.apache.org/r/47068/diff/1/?file=1374827#file1374827line90> > > > > Do we really need to distinguish this one as a different case of > > general authorization? I personally believe no (except for performance > > issues), but in that case I would prefer an opt-out flag than an opt-in one.
So you would prefere the default to be set to true? Not sure that makes sense, as it is an advanced feature which should be turned on knowing about the consequences... I believe adding a separate note/section to the document makes sense as a) it is different from the all/nothing authorization behavior of the other cases (where I simply get a "Not Authorized reply"), b) it has performance implications I feel are important to understand for users... - Joerg ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/47068/#review132245 ----------------------------------------------------------- On May 6, 2016, 8:31 p.m., Joerg Schad wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/47068/ > ----------------------------------------------------------- > > (Updated May 6, 2016, 8:31 p.m.) > > > Review request for mesos, Adam B, Alexander Rojas, and Michael Park. > > > Repository: mesos > > > Description > ------- > > Added a master flag enabling the fine-grained > authorization based filtering of HTTP endpoints. > The default for this setting is `false` as the filtering incurs > a performance penalty. > > > Diffs > ----- > > docs/authorization.md 0db5c345b3239814b3b9d2e8a87601ff69d0f869 > docs/configuration.md 34271c76d10ad930e6cc586c2b820ce8989a053a > src/master/flags.hpp e4cac1f8d688319c804e608b7229f458f779364a > src/master/flags.cpp c0c9e924e876175b75a174e375a4c993d97e18ee > > Diff: https://reviews.apache.org/r/47068/diff/ > > > Testing > ------- > > tested entire chain. > > > Thanks, > > Joerg Schad > >
