Return-Path: 
 <dev-return-45967-apmail-hbase-dev-archive=hbase.apache.org@hbase.apache.org>
X-Original-To: apmail-hbase-dev-archive@www.apache.org
Delivered-To: apmail-hbase-dev-archive@www.apache.org
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by minotaur.apache.org (Postfix) with SMTP id A764211ABA
	for <apmail-hbase-dev-archive@www.apache.org>;
 Sat, 28 Jun 2014 18:10:25 +0000 (UTC)
Received: (qmail 62171 invoked by uid 500); 28 Jun 2014 18:10:24 -0000
Delivered-To: apmail-hbase-dev-archive@hbase.apache.org
Received: (qmail 61977 invoked by uid 500); 28 Jun 2014 18:10:24 -0000
Mailing-List: contact dev-help@hbase.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:dev-help@hbase.apache.org>
List-Unsubscribe: <mailto:dev-unsubscribe@hbase.apache.org>
List-Post: <mailto:dev@hbase.apache.org>
List-Id: <dev.hbase.apache.org>
Reply-To: dev@hbase.apache.org
Delivered-To: mailing list dev@hbase.apache.org
Received: (qmail 61766 invoked by uid 99); 28 Jun 2014 18:10:24 -0000
Received: from arcas.apache.org (HELO arcas.apache.org) (140.211.11.28)
    by apache.org (qpsmtpd/0.29) with ESMTP; Sat, 28 Jun 2014 18:10:24 +0000
Date: Sat, 28 Jun 2014 18:10:24 +0000 (UTC)
From: "Andrew Purtell (JIRA)" <jira@apache.org>
To: dev@hbase.apache.org
Message-ID: <JIRA.12724300.1403978998146.68575.1403979024653@arcas>
In-Reply-To: <JIRA.12724300.1403978998146@arcas>
References: <JIRA.12724300.1403978998146@arcas>
Subject: [jira] [Created] (HBASE-11434) [AccessController] Disallow inbound
 cells with reserved tags
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394

Andrew Purtell created HBASE-11434:
--------------------------------------

             Summary: [AccessController] Disallow inbound cells with reserved tags
                 Key: HBASE-11434
                 URL: https://issues.apache.org/jira/browse/HBASE-11434
             Project: HBase
          Issue Type: Improvement
            Reporter: Andrew Purtell
            Assignee: Andrew Purtell
             Fix For: 0.99.0, 0.98.4


Currently the AccessController allows users to store cells with ACL tags encoded by the client. This isn't a security issue currently, because in order to store the cell the user must have a relevant WRITE grant, and the user is allowed to specify whatever ACL for the cell they'd like. However it could become a correctness problem in the future, if we introduce format sanity checking or the like, so let's disallow inbound mutations containing cells with reserved tags like the VisibilityController does. 

The check is skipped if the active user is a superuser. First, superusers are allowed to do anything. Second, replication (as superuser) must be able to store incoming cells with ACL tags. 



--
This message was sent by Atlassian JIRA
(v6.2#6252)