cassandra-commits mailing list archives

From "Aleksey Yeschenko (JIRA)" <j...@apache.org>
Subject [jira] [Resolved] (CASSANDRA-6266) Keyspace definition is leaked to users without SELECT permissions
Date Tue, 29 Oct 2013 20:23:26 GMT

     [ https://issues.apache.org/jira/browse/CASSANDRA-6266?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Aleksey Yeschenko resolved CASSANDRA-6266.
------------------------------------------

    Resolution: Not A Problem

This is intentional. So long as you are a valid user, you can see the schema, if auth is enabled
(that and some other system stuff that our tools require).

There is no practical way to limit this, so we don't.

> Keyspace definition is leaked to users without SELECT permissions
> -----------------------------------------------------------------
>
>                 Key: CASSANDRA-6266
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-6266
>             Project: Cassandra
>          Issue Type: Bug
>         Environment: cqlsh 4.0.1 | Cassandra 2.0.1 | CQL spec 3.1.1 | Thrift protocol 19.37.0
> java version "1.6.0_43"
> Python 2.7.3
>            Reporter: Ben Sykes
>
> From CQLSH, a user without permissions on keyspaces can see a list of all keyspaces and get the keyspace definition.
> {code}
> $ ./cqlsh -u bob -p restricted
> Connected to Test Cluster at localhost:9160.
> [cqlsh 4.0.1 | Cassandra 2.0.1 | CQL spec 3.1.1 | Thrift protocol 19.37.0]
> Use HELP for help.
> cqlsh> DESC KEYSPACES;
> stress  system  schema1  customer_a  test  system_auth  system_traces
> cqlsh> DESC KEYSPACE test;
> CREATE KEYSPACE test WITH replication = {
>   'class': 'SimpleStrategy',
>   'replication_factor': '1'
> };
> USE test;
> CREATE TABLE data (
>   assetid int,
>   year int,
>   field text,
>   time bigint,
>   value double,
>   PRIMARY KEY ((assetid, year, field), time)
> ) WITH
>   bloom_filter_fp_chance=0.010000 AND
>   caching='KEYS_ONLY' AND
>   comment='' AND
>   dclocal_read_repair_chance=0.000000 AND
>   gc_grace_seconds=864000 AND
>   index_interval=128 AND
>   read_repair_chance=0.100000 AND
>   replicate_on_write='true' AND
>   populate_io_cache_on_flush='false' AND
>   default_time_to_live=0 AND
>   speculative_retry='NONE' AND
>   memtable_flush_period_in_ms=0 AND
>   compaction={'class': 'SizeTieredCompactionStrategy'} AND
>   compression={'sstable_compression': 'LZ4Compressor'};
> cqlsh> USE test;
> cqlsh:test> SELECT * FROM data LIMIT 10;
> Bad Request: User bob has no SELECT permission on <table test.data> or any of its parents
> cqlsh:test>
> {code}



--
This message was sent by Atlassian JIRA
(v6.1#6144)
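
Added example, not part of the original message and not Cassandra's code: a simplified Python model of the behaviour discussed above, where a schema read needs only a valid login while a data read needs SELECT on the table or one of its parents. The users, grants, schema contents and `data/...` resource strings are constructed for illustration.

```python
# Simplified model of the behaviour in this report; not Cassandra's code.
# All names and data below are constructed for illustration.

class Unauthorized(Exception):
    pass

# Schema visible to every authenticated user: keyspace -> tables.
SCHEMA = {"test": ["data"], "customer_a": ["orders"]}

# role -> resource -> permissions. An empty dict is a valid login with no grants.
GRANTS = {
    "alice": {"data/customer_a": {"SELECT"}},
    "bob": {},
}

def require_login(user):
    if user not in GRANTS:
        raise Unauthorized("unknown user %s" % user)

def parents(keyspace, table):
    """The table, then its parents: the keyspace and the root of all keyspaces."""
    return ["data/%s/%s" % (keyspace, table), "data/%s" % keyspace, "data"]

def can_select(user, keyspace, table):
    granted = GRANTS[user]
    return any("SELECT" in granted.get(r, ()) for r in parents(keyspace, table))

def describe_keyspaces(user):
    """Schema read: gated on authentication only, never on SELECT."""
    require_login(user)
    return sorted(SCHEMA)

def select(user, keyspace, table):
    """Data read: needs SELECT on the table or any of its parents."""
    require_login(user)
    if not can_select(user, keyspace, table):
        raise Unauthorized("User %s has no SELECT permission on <table %s.%s> "
                           "or any of its parents" % (user, keyspace, table))
    return []  # row data omitted in this model

def visible_but_unreadable(user):
    """Tables whose definition the user can see but whose rows they cannot read."""
    require_login(user)
    return sorted("%s.%s" % (ks, t) for ks, ts in SCHEMA.items()
                  for t in ts if not can_select(user, ks, t))
```

`visible_but_unreadable` lists the gap the reporter observed: for a login with no grants it returns every table in the schema.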
