You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cassandra.apache.org by "Ben Sykes (JIRA)" <ji...@apache.org> on 2013/10/29 17:26:31 UTC
[jira] [Created] (CASSANDRA-6266) Keyspace definition is leaked to
users without SELECT permissions
Ben Sykes created CASSANDRA-6266:
------------------------------------
Summary: Keyspace definition is leaked to users without SELECT permissions
Key: CASSANDRA-6266
URL: https://issues.apache.org/jira/browse/CASSANDRA-6266
Project: Cassandra
Issue Type: Bug
Environment: cqlsh 4.0.1 | Cassandra 2.0.1 | CQL spec 3.1.1 | Thrift protocol 19.37.0
java version "1.6.0_43"
Python 2.7.3
Reporter: Ben Sykes
>From CQLSH, a user without permissions on keyspaces can see a list of all keyspaces and get the keyspace definition.
{code}
$ ./cqlsh -u bob -p restricted
Connected to Test Cluster at localhost:9160.
[cqlsh 4.0.1 | Cassandra 2.0.1 | CQL spec 3.1.1 | Thrift protocol 19.37.0]
Use HELP for help.
cqlsh> DESC KEYSPACES;
stress system schema1 customer_a test system_auth system_traces
cqlsh> DESC KEYSPACE test;
CREATE KEYSPACE test WITH replication = {
'class': 'SimpleStrategy',
'replication_factor': '1'
};
USE test;
CREATE TABLE data (
assetid int,
year int,
field text,
time bigint,
value double,
PRIMARY KEY ((assetid, year, field), time)
) WITH
bloom_filter_fp_chance=0.010000 AND
caching='KEYS_ONLY' AND
comment='' AND
dclocal_read_repair_chance=0.000000 AND
gc_grace_seconds=864000 AND
index_interval=128 AND
read_repair_chance=0.100000 AND
replicate_on_write='true' AND
populate_io_cache_on_flush='false' AND
default_time_to_live=0 AND
speculative_retry='NONE' AND
memtable_flush_period_in_ms=0 AND
compaction={'class': 'SizeTieredCompactionStrategy'} AND
compression={'sstable_compression': 'LZ4Compressor'};
cqlsh> USE test;
cqlsh:test> SELECT * FROM data LIMIT 10;
Bad Request: User bob has no SELECT permission on <table test.data> or any of its parents
cqlsh:test>
{code}
--
This message was sent by Atlassian JIRA
(v6.1#6144)