geode-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jared Stewart (JIRA)" <j...@apache.org>
Subject [jira] [Created] (GEODE-2153) PostProcessor security
Date Wed, 30 Nov 2016 00:11:59 GMT
Jared Stewart created GEODE-2153:
------------------------------------

             Summary: PostProcessor security
                 Key: GEODE-2153
                 URL: https://issues.apache.org/jira/browse/GEODE-2153
             Project: Geode
          Issue Type: Improvement
          Components: security
            Reporter: Jared Stewart


I have started a server and locator using the sample RedactingPostProcessor implementation.
 I created a /customers region and inserted a Customer: 

{code}
 Region<String, Customer> region = connectToRegion("customers");

    Customer customer = new Customer(1L, "FirstName", "LastName", "123-456-7890");

    region.put("galen", customer);
{code}

The following query and get operation show our customer's SSN getting redacted as expected:
{code}
    Customer customerFromGet = region.get("galen"); 
//{ type = com.jaredjstewart.Customer, customerId = 1, firstName = FirstName, lastName = LastName,
ssn = ********** }
  
    Object customerFromQuery = queryService.newQuery("select * from /customers").execute();
//{ type = com.jaredjstewart.Customer, customerId = 1, firstName = FirstName, lastName = LastName,
ssn = ********** }
{code}

However, it is possible to leak information by accessing the field which is supposed to be
redacted in a where clause:

{code}
     Object customer = queryService.newQuery("select c from /customers c where c.socialSecurityNumber='123-456-7890'").execute();
 //this redacts but still leaks the vital information
{code}

It is also possible to query the field directly:

{code}
Object customerSSN = queryService.newQuery("select c.socialSecurityNumber from /customers
c").execute();
{code}




--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message