Posted to issues@kudu.apache.org by "Andrew Wong (Jira)" <ji...@apache.org> on 2021/03/12 00:10:00 UTC

[jira] [Created] (KUDU-3259) Define ownership of transactions for participants to prevent malicious users from writing to a transaction

Andrew Wong created KUDU-3259:
---------------------------------

             Summary: Define ownership of transactions for participants to prevent malicious users from writing to a transaction
                 Key: KUDU-3259
                 URL: https://issues.apache.org/jira/browse/KUDU-3259
             Project: Kudu
          Issue Type: Improvement
          Components: security, transactions
            Reporter: Andrew Wong


Currently, any user can write as a part of a transaction. This isn't necessarily safe, though at the very least, Kudu still performs its authz checks on every write request that enters the system. When a participant calls BEGIN_TXN, we should consider also persisting the username of the writer, which should also get validated on the call to RegisterParticipant. Once successful, further write requests can be rejected if they are from other users.

Note that calls to the TxnStatusManager are protected in this way (e.g. calls to commit or rollback will validate that the caller matches the 'user' field in the {{TxnStatusEntryPB}}).

One thing to be cognizant of here is that if we are going to persist more metadata per transaction, we should strongly consider ways to reduce the amount of metadata stored in a single SuperBlockPB file.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
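
The ownership check proposed in the issue above, sketched as an added example that is not part of the original message and is not Kudu code. The class names, the Status enum and the usernames are assumptions made for illustration; the participant records the owner only after the status manager model accepts the user, then rejects writes from anyone else.

```cpp
#include <cstdint>
#include <map>
#include <string>

// Hypothetical model, not Kudu code: every name here is an assumption.
enum class Status { kOk, kNotFound, kNotAuthorized, kIllegalState };

// Stands in for the TxnStatusManager, which records a 'user' per transaction.
class StatusManagerModel {
 public:
  void BeginTransaction(int64_t txn_id, const std::string& user) { owners_[txn_id] = user; }
  // Succeeds only for the user that owns the transaction.
  Status RegisterParticipant(int64_t txn_id, const std::string& user) const {
    auto it = owners_.find(txn_id);
    if (it == owners_.end()) return Status::kNotFound;
    return it->second == user ? Status::kOk : Status::kNotAuthorized;
  }
 private:
  std::map<int64_t, std::string> owners_;
};

// Stands in for a transaction participant.
class ParticipantModel {
 public:
  explicit ParticipantModel(const StatusManagerModel* tsm) : tsm_(tsm) {}
  // BEGIN_TXN: record the writer's username, but only after the status
  // manager confirms that this user owns the transaction.
  Status BeginTxn(int64_t txn_id, const std::string& user) {
    auto it = owners_.find(txn_id);
    if (it != owners_.end()) return it->second == user ? Status::kOk : Status::kNotAuthorized;
    Status s = tsm_->RegisterParticipant(txn_id, user);
    if (s == Status::kOk) owners_[txn_id] = user;
    return s;
  }
  // Write: reject requests whose authenticated user is not the recorded owner.
  Status Write(int64_t txn_id, const std::string& user) const {
    auto it = owners_.find(txn_id);
    if (it == owners_.end()) return Status::kIllegalState;  // no BEGIN_TXN yet
    return it->second == user ? Status::kOk : Status::kNotAuthorized;
  }
 private:
  const StatusManagerModel* tsm_;
  std::map<int64_t, std::string> owners_;  // in the proposal, persisted with the txn metadata
};

int main() {  // constructed users: "alice" owns txn 1, "mallory" does not
  StatusManagerModel tsm; tsm.BeginTransaction(1, "alice");
  ParticipantModel p(&tsm); p.BeginTxn(1, "alice");
  return p.Write(1, "mallory") == Status::kNotAuthorized ? 0 : 1;
}
```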