ignite-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From franck102 <franck...@yahoo.com>
Subject Security question
Date Fri, 13 Oct 2017 07:52:30 GMT
Hi all,

Stepping through the code during a cache.get() request from a client node to
a server node, I don't see that GridSecurityProcessor.authorize will ever be
called on the server node?

Authorize is called on the client node, but on the server node the code goes
straight to GridCacheAdapter#getAllAsync0 which skips the ctx.checkSecurity

If that is the case any node which is able to connect can easily do anything
on a cache using custom client code to bypass client-side security... am I
missing something?


Sent from: http://apache-ignite-users.70518.x6.nabble.com/

View raw message