docs: security requirement of NameResolver.getServiceAuthority() (#2665)

In response to #2662
grpc · Jan 27, 2017 · 9983a7b · 9983a7b
1 parent 65e4d9f
commit 9983a7b
Showing 1 changed file with 6 additions and 4 deletions.
diff --git a/core/src/main/java/io/grpc/NameResolver.java b/core/src/main/java/io/grpc/NameResolver.java
@@ -49,11 +49,13 @@
 @ThreadSafe
 public abstract class NameResolver {
   /**
-   * Returns the authority, which is also the name of the service.
+   * Returns the authority used to authenticate connections to servers.  It <strong>must</strong> be
+   * from a trusted source, because if the authority is tampered with, RPCs may be sent to the
+   * attackers which may leak sensitive user data.
    *
-   * <p>An implementation must generate it locally and <string>must</strong> keep it
-   * unchanged. {@code NameResolver}s created from the same factory with the same argument must
-   * return the same authority.
+   * <p>An implementation must generate it without blocking, typically in line, and
+   * <strong>must</strong> keep it unchanged. {@code NameResolver}s created from the same factory
+   * with the same argument must return the same authority.
    */
   public abstract String getServiceAuthority();