From ec5249357ea11290565a30ebc5a6e936873e4635 Mon Sep 17 00:00:00 2001 From: James Phillips Date: Mon, 9 Nov 2015 21:15:55 -0800 Subject: [PATCH] Clarifies comment about name vs. ID. --- consul/state/prepared_query.go | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/consul/state/prepared_query.go b/consul/state/prepared_query.go index e8f2e48ab..baba66c8a 100644 --- a/consul/state/prepared_query.go +++ b/consul/state/prepared_query.go @@ -68,9 +68,12 @@ func (s *StateStore) preparedQuerySetTxn(tx *memdb.Txn, idx uint64, query *struc query.ModifyIndex = idx } - // Verify that the name doesn't alias any existing ID. If we didn't do - // this then a bad actor could steal traffic away from an existing DNS - // entry. + // Verify that the name doesn't alias any existing ID. We allow queries + // to be looked up by ID *or* name so we don't want anyone to try to + // register a query with a name equal to some other query's ID in an + // attempt to hijack it. We also look up by ID *then* name in order to + // prevent this, but it seems prudent to prevent these types of rogue + // queries from ever making it into the state store. if query.Name != "" { existing, err := tx.First("prepared-queries", "id", query.Name)