accumulo-user mailing list archives

From Eric Newton <eric.new...@gmail.com>
Subject Re: "NOT" operator in visibility string
Date Thu, 20 Mar 2014 14:16:59 GMT
I never thought through the implications of NOT for security labelling.  It
really doesn't come up in our use-cases: we always allow users to see less
data by voluntarily reducing their authorizations.

After thinking about it now, my views are best represented by the arguments
presented by Christopher.

> add a configurable switch that you could enable/disable the NOT operator

What would it mean if you allowed NOT labels, and then changed the
parameter?  Would you treat the labels as illegal?

I don't want to explain to accumulo administrators that they should never
turn that switch on to solve their visibility puzzle.  I don't want to
explain to an investigator that a little-used switch was mistakenly used to
implement a poor visibility policy that allowed someone to see data they
should not have seen.

The code looks perfectly good, does what it says it should do, is complete
and has nice tests.

But I would not want it in accumulo.

-Eric



On Thu, Mar 20, 2014 at 9:27 AM, joeferner <joe.m.ferner@gmail.com> wrote:

> If I were to add a configurable switch that you could enable/disable the
> NOT operator would that increase the likelihood of this patch being
> accepted? I could make it default 'disabled'.
