accumulo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Keith Turner (JIRA)" <>
Subject [jira] [Commented] (ACCUMULO-246) Improve scan authorizations behavior
Date Mon, 06 Aug 2012 16:23:03 GMT


Keith Turner commented on ACCUMULO-246:

bq. In some cases, security posture may prefer no messages of any kind so that scanning by
malicious user does not give any hints if the data is there, if the authorizations are correct.

The current code does not give any indication if the data exist or not.  If throws an exception
with the scan auths are not a subset of the auths configured for the user. So the exception
is based on configuration, not data existence.
> Improve scan authorizations behavior
> ------------------------------------
>                 Key: ACCUMULO-246
>                 URL:
>             Project: Accumulo
>          Issue Type: Task
>          Components: client
>            Reporter: Billie Rinaldi
>              Labels: authorization, scan
>             Fix For: 1.5.0
> When a user creates a scanner a set of Authorizations is passed.  If the authorizations
passed to the scanner are not a subset of the user's authorizations, then an exception is
thrown.  An alternative would be to intersect the set of scan authorizations with the user's
authorizations.  Many users have had trouble understanding the "silent intersection" behavior,
which resulted in switching to throwing an Exception.  However, in situations where the user's
authorizations are lazily updated, and for very long running scans, intersection would be
preferable.  Possible fixes are 1) adding a flag to indicate whether to intersect or throw
an exception or 2) making it easier for the user to perform the intersection manually (which
would fix some issues, but not the long-running scans).

This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:!default.jspa
For more information on JIRA, see:


View raw message