ignite-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ASF GitHub Bot (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (IGNITE-1887) REST-HTTP change queryId generation from sequence to random.
Date Thu, 12 Nov 2015 03:54:11 GMT

    [ https://issues.apache.org/jira/browse/IGNITE-1887?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15001658#comment-15001658
] 

ASF GitHub Bot commented on IGNITE-1887:
----------------------------------------

GitHub user nva opened a pull request:

    https://github.com/apache/ignite/pull/223

    IGNITE-1887 Change queryId generation from sequence to random.

    

You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/nva/ignite ignite-1887

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/ignite/pull/223.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #223
    
----
commit 46fee47aab7c49654c1b3230b0549497b9b00354
Author: Andrey <anovikov@gridgain.com>
Date:   2015-11-12T03:46:59Z

    IGNITE-1887 Change queryId generation from sequence to random.

----


> REST-HTTP change queryId generation from sequence to random.
> ------------------------------------------------------------
>
>                 Key: IGNITE-1887
>                 URL: https://issues.apache.org/jira/browse/IGNITE-1887
>             Project: Ignite
>          Issue Type: Bug
>            Reporter: Andrey Novikov
>            Assignee: Andrey Novikov
>            Priority: Minor
>             Fix For: 1.5
>
>
> First problem:
>  1. client1 execute query and get queryId = 1.
>  2. node where query was executed is restarted (queryId generator
> initialized to zero).
>  3. client2 execute some query and also get queryId=1.
>  4. client1 fetch next page for queryId=1 and GETS results of client2.
> Second problem:
>  As queryId is generated sequentially it is very easy to brute force and
> some client could get data of other clients too easy.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message