geode-issues mailing list archives

From "Karen Smoler Miller (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (GEODE-2153) PostProcessor security
Date Thu, 01 Dec 2016 20:13:58 GMT

    [ https://issues.apache.org/jira/browse/GEODE-2153?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15712956#comment-15712956 ]

Karen Smoler Miller commented on GEODE-2153:
--------------------------------------------

Our documentation explicitly suggests using the post processing for redacting fields for security
purposes.  Since it can't be used for that (right now), I'm going to change the documentation
to state that fields can be formatted (not redacted).  In doing this, we will assure that
the documentation is better if we release a version of Geode before this ticket completes
a bug fix.  This is a better-safe-than-sorry documentation change.

If this ticket is completed before a new version of Geode comes out, we should again revise
the documentation.

> PostProcessor security
> ----------------------
>
>                 Key: GEODE-2153
>                 URL: https://issues.apache.org/jira/browse/GEODE-2153
>             Project: Geode
>          Issue Type: Improvement
>          Components: security
>            Reporter: Jared Stewart
>
> I have started a server and locator using the sample RedactingPostProcessor implementation.
> I created a /customers region and inserted a Customer:
> {code}
> Region<String, Customer> region = connectToRegion("customers");
> Customer customer = new Customer(1L, "FirstName", "LastName", "123-456-7890");
> region.put("galen", customer);
> {code}
> The following query and get operation show our customer's SSN getting redacted as expected:
> {code}
> Customer customerFromGet = region.get("galen");
> //{ type = com.jaredjstewart.Customer, customerId = 1, firstName = FirstName, lastName = LastName, ssn = ********** }
> Object customerFromQuery = queryService.newQuery("select * from /customers").execute();
> //{ type = com.jaredjstewart.Customer, customerId = 1, firstName = FirstName, lastName = LastName, ssn = ********** }
> {code}
> However, it is possible to leak information by accessing the field which is supposed
> to be redacted in a where clause:
> {code}
> Object customer = queryService.newQuery("select c from /customers c where c.socialSecurityNumber='123-456-7890'").execute();
> //this redacts but still leaks the vital information
> {code}
> It is also possible to query the field directly:
> {code}
> Object customerSSN = queryService.newQuery("select c.socialSecurityNumber from /customers c").execute();
> //[123-456-7890]
> {code}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
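
The behaviour reported above can be reproduced in a small model that checks each access path for leakage. This is an added example, not code from the ticket or from Geode: the toy query engine, `postProcess` and `leakingPaths` are hypothetical names, the customer record is constructed sample data, and Java 17 or later is assumed.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.function.Function;
import java.util.function.Predicate;

// Added illustration, not Geode code: a toy region whose post-processor sees only returned values.
public class PostProcessorLeakCheck {
    // Constructed sample type mirroring the Customer in the report.
    record Customer(long id, String firstName, String lastName, String socialSecurityNumber) {}

    static final String MASK = "**********";

    // Hypothetical redactor: masks the SSN only when handed a whole Customer object.
    static Object postProcess(Object value) {
        if (value instanceof Customer c) {
            return new Customer(c.id(), c.firstName(), c.lastName(), MASK);
        }
        return value; // a projected field arrives as a bare String and passes through
    }

    // Toy query engine: WHERE and SELECT run on raw data, post-processing runs last.
    static List<Object> query(List<Customer> region, Predicate<Customer> where,
                              Function<Customer, Object> select) {
        List<Object> out = new ArrayList<>();
        for (Customer c : region) {
            if (where.test(c)) out.add(postProcess(select.apply(c)));
        }
        return out;
    }

    // Returns the access paths through which the raw secret is still observable.
    static List<String> leakingPaths(List<Customer> region, String secret) {
        List<String> leaks = new ArrayList<>();
        if (query(region, c -> true, c -> c).toString().contains(secret)) leaks.add("select *");
        // A non-empty result confirms the compared value even though each row is masked.
        if (!query(region, c -> c.socialSecurityNumber().equals(secret), c -> c).isEmpty())
            leaks.add("where clause");
        if (query(region, c -> true, c -> c.socialSecurityNumber()).contains(secret))
            leaks.add("field projection");
        return leaks;
    }

    public static void main(String[] args) {
        List<Customer> region = List.of(new Customer(1L, "FirstName", "LastName", "123-456-7890"));
        System.out.println(leakingPaths(region, "123-456-7890")); // paths that bypass redaction
    }
}
```

A redaction test that exercises only `get` and `select *` passes in this model; the predicate and projection paths have to be checked separately.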
