You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@hbase.apache.org by "Duo Zhang (JIRA)" <ji...@apache.org> on 2017/12/27 01:02:37 UTC

[jira] [Created] (HBASE-19634) Confirm that we do not leak the privilege for modifying replication peer to unauthorized user

Duo Zhang created HBASE-19634:
---------------------------------

             Summary: Confirm that we do not leak the privilege for modifying replication peer to unauthorized user
                 Key: HBASE-19634
                 URL: https://issues.apache.org/jira/browse/HBASE-19634
             Project: HBase
          Issue Type: Sub-task
            Reporter: Duo Zhang


This is important, the actual refresh on RS is trigger by the executeProcedure call and it will pass some information. These information should not be fully trusted since anyone can all this method. We need to make sure that the actual data/state for a replication peer is always loaded from the replication storage, not from the parameter of the executeProcedure call.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)