pulsar-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From GitBox <...@apache.org>
Subject [GitHub] ivankelly commented on issue #2986: Fix logic to validate admin calls from proxy (validateOriginalPrincipal)
Date Mon, 19 Nov 2018 20:31:42 GMT
ivankelly commented on issue #2986: Fix logic to validate admin calls from proxy (validateOriginalPrincipal)
URL: https://github.com/apache/pulsar/pull/2986#issuecomment-440031812
 
 
   > So let's assume that the proxy machine is compromised or the attacker get his hands
on an old decommissioned machine then the attacker can send a request with ```authData = originalPrincipal
= <proxy role>``` and gain access to the namespace data.
   
   So, in the case of TLS, there's no auth data. I don't know how it works with athenz. But
with TLS, if someone compromises the proxy, all they need is to know the name of a role, and
they'll be able to impersonate it. Similarly, if the proxy is still active, they can just
listen to who is connecting and accumulate role names. This is, of course ,because TLS doesn't
use authData. Perhaps this isn't the case with athenz.
   

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
users@infra.apache.org


With regards,
Apache Git Services

Mime
View raw message