phoenix-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Andrew Purtell (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (PHOENIX-3126) The driver implementation should take into account the context of the user
Date Mon, 01 Aug 2016 19:08:20 GMT

    [ https://issues.apache.org/jira/browse/PHOENIX-3126?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15402639#comment-15402639
] 

Andrew Purtell commented on PHOENIX-3126:
-----------------------------------------

Different users can't share a connection. HBase authenticates at the connection level, not
per request. Important to make sure the wrong user doesn't get a cached connection for someone
else. 

> The driver implementation should take into account the context of the user
> --------------------------------------------------------------------------
>
>                 Key: PHOENIX-3126
>                 URL: https://issues.apache.org/jira/browse/PHOENIX-3126
>             Project: Phoenix
>          Issue Type: Bug
>            Reporter: Devaraj Das
>         Attachments: PHOENIX-3126.txt, aaaa.java
>
>
> Ran into this issue ... 
> We have an application that proxies various users internally and fires queries for those
users. The Phoenix driver implementation caches connections it successfully creates and keys
it by the ConnectionInfo. The ConnectionInfo doesn't take into consideration the "user". So
random users (including those that aren't supposed to access) can access the tables in this
sort of a setup.
> The fix is to also consider the User in the ConnectionInfo.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message