Comments (7)
tawan
commented on June 20, 2024
1
Hi @Onumis ,
Thanks for your input. I can understand your points, however I'd rather leave the security measures in place for now. The focus of this gem is simplicity and ease of use. A user should be able to use the gem and the gem takes care of protecting the web-environment from being spoofed into processing jobs. Even though the middleware can be disabled by an environment variable in the web environment, I'd rather keep the additional layers of protection in place - a user might forget to set the environment variable.
You can of course fork the gem and adapt it to your needs, but there is another option:
You can write your own middleware and replace the SQSMessageConsumer. In your middleware you can remove checks that you don't need. Have a look on Rails' guide on Rack. It explains how to delete and insert middleware.
I leave this issue open, let's see how others think about it.
Thanks again for your input.
from active-elastic-job.
nunosilva800
commented on June 20, 2024
@tawan thanks! I'm gonna give a try with by writing my own middleware and swapping it with SQSMessageConsumer.
from active-elastic-job.
nunosilva800
commented on June 20, 2024
By the way @tawan you can avoid
a user might forget to set the environment variable.
If you instead use an env var to activate the worker: ENABLE_SQS_CONSUMER=TRUE
That way the web environment keeps as is, and the user has to explicitly activate this on the worker environment.
from active-elastic-job.
tawan
commented on June 20, 2024
@Onumis That is correct. The opt-in environment variable would have been a better solution. I don't know if I can introduce this change and be backwards compatible, though. I'll think about it, but thanks for noticing.
from active-elastic-job.
nunosilva800
commented on June 20, 2024
Better start with a deprecation warning and only do the change in a future release.
from active-elastic-job.
zaaroth
commented on June 20, 2024
I am not sure that would be better. In my case, for instance, I got a single web environment and a few worker environments. This is probably the average setup because you need a worker environment per queue. I believe simpler applications would use only a single queue, but most are likely to use more than one. At least to me it is easier to disable the consumer on the web environment (once) and be free to create more queues not having to worry with that.
from active-elastic-job.
tawan
commented on June 20, 2024
@zaaroth Makes sense. I'll leave it as it is.
from active-elastic-job.
Related Issues (20)
- Applying new patches HOT 1
- Job gets enqueued but code in perform function won't run HOT 10
- Very long delay when enqueuing new jobs (~38 seconds) HOT 2
- Rails6 ActiveJob::QueueAdapters::ActiveElasticJobAdapter::NonExistentQueue HOT 1
- Is this actively maintained? HOT 7
- ActionController::RoutingError (No route matches [POST] "/scheduled"): HOT 1
- Trigger Rails Job from Java Service
- update aws-sdk-sqs HOT 3
- Rails 6.1 - Running inside Docker
- Version bumps should automatically update integration testing Gemfile.lock files
- Add support for Rails 7 and Ruby 3 HOT 1
- Delete periodic task from cronjob.yaml HOT 1
- EB docker environment Nginx 502 gateway errors HOT 5
- Question regarding active_storage_analysis HOT 1
- /var/proxy/staging/nginx/conf.d/read_timeout.conf disappears HOT 4
- Configure queue url for multiple AWS accounts HOT 24
- SQS message timeout response
- Comparison to aws-sdk-sqs, and how to boot the worker? HOT 3
- periodic tasks are not verified? HOT 1
- 403 response on Docker Amazon Linux 2023
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from active-elastic-job.