ignite-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Vladimir Ozerov (JIRA)" <j...@apache.org>
Subject [jira] [Created] (IGNITE-2675) ODBC: Query ID is insecure.
Date Wed, 17 Feb 2016 12:07:18 GMT
Vladimir Ozerov created IGNITE-2675:
---------------------------------------

             Summary: ODBC: Query ID is insecure.
                 Key: IGNITE-2675
                 URL: https://issues.apache.org/jira/browse/IGNITE-2675
             Project: Ignite
          Issue Type: Sub-task
          Components: odbc
    Affects Versions: 1.5.0.final
            Reporter: Vladimir Ozerov
            Assignee: Igor Sapego
            Priority: Critical
             Fix For: 1.6


Query cursor ID is created using AtomicLong. It means that malicious user could easily read
data from any other cursor by simply bruteforcing identifiers.

To fix that query ID must be a composite of current session ID and unique identifier.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message