You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@sentry.apache.org by "Gregory Chanan (JIRA)" <ji...@apache.org> on 2014/04/29 00:55:15 UTC

[jira] [Commented] (SENTRY-187) Use invariants rather than default for specification of update index level authorization

    [ https://issues.apache.org/jira/browse/SENTRY-187?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13983700#comment-13983700 ] 

Gregory Chanan commented on SENTRY-187:
---------------------------------------

Review request: https://reviews.apache.org/r/20813/

> Use invariants rather than default for specification of update index level authorization
> ----------------------------------------------------------------------------------------
>
>                 Key: SENTRY-187
>                 URL: https://issues.apache.org/jira/browse/SENTRY-187
>             Project: Sentry
>          Issue Type: Bug
>    Affects Versions: 1.3.0
>            Reporter: Gregory Chanan
>            Assignee: Gregory Chanan
>             Fix For: 1.4.0
>
>         Attachments: SENTRY-187.patch
>
>
> we use "defaults" rather than "invariants" for our update index authorization checks.  It's possible, if another updateRequestProcessorChain is defined in the solrconfig.xml, that a user could override the default processor chain in order to bypass the update index authorization checks.  There aren't any other updateRequestProcessorChains defined in our generated solrconfig.xml/solrconfig.xml.secure, so this shouldn't be a common issue.



--
This message was sent by Atlassian JIRA
(v6.2#6252)