phoenix-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Josh Elser (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (PHOENIX-3126) The driver implementation should take into account the context of the user
Date Mon, 01 Aug 2016 16:40:20 GMT

    [ https://issues.apache.org/jira/browse/PHOENIX-3126?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15402377#comment-15402377
] 

Josh Elser commented on PHOENIX-3126:
-------------------------------------

This is almost rather scary, but I think any security-minded application should have a tight
grip around how their credentials can be used (so I'm not too worried about this bug requiring
a CVE).

Just to clarify, the user {{zeppelin-secure@EXAMPLE.COM}} who has a keytab {{/etc/security/keytabs/zeppelin.server.kerberos.keytab}}
is allowed to impersonate the user {{admin}} but not the user {{user2}} (which are really
{{admin@EXAMPLE.COM}} and {{user2@EXAMPLE.COM}}), is that correct? [~prabhjyotsingh]

Tying the PhoenixEmbeddedDriver to the User who instantiated it makes sense (since we also
tie in the principal and keytab arguments from the JDBC url), but I'm curious to give this
a closer look for the >4.8.0 timeframe. Thanks for filing it [~devaraj].

> The driver implementation should take into account the context of the user
> --------------------------------------------------------------------------
>
>                 Key: PHOENIX-3126
>                 URL: https://issues.apache.org/jira/browse/PHOENIX-3126
>             Project: Phoenix
>          Issue Type: Bug
>            Reporter: Devaraj Das
>         Attachments: PHOENIX-3126.txt, aaaa.java
>
>
> Ran into this issue ... 
> We have an application that proxies various users internally and fires queries for those
users. The Phoenix driver implementation caches connections it successfully creates and keys
it by the ConnectionInfo. The ConnectionInfo doesn't take into consideration the "user". So
random users (including those that aren't supposed to access) can access the tables in this
sort of a setup.
> The fix is to also consider the User in the ConnectionInfo.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message