You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@ignite.apache.org by "ASF GitHub Bot (JIRA)" <ji...@apache.org> on 2018/04/12 09:00:00 UTC

[jira] [Commented] (IGNITE-8135) Missing SQL-DDL Authorization

    [ https://issues.apache.org/jira/browse/IGNITE-8135?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16435199#comment-16435199 ] 

ASF GitHub Bot commented on IGNITE-8135:
----------------------------------------

GitHub user devozerov opened a pull request:

    https://github.com/apache/ignite/pull/3801

    IGNITE-8135

    

You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/gridgain/apache-ignite ignite-8135

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/ignite/pull/3801.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #3801
    
----
commit 208803b724303f1ecc0bfa1a0af9020b916709d0
Author: devozerov <vo...@...>
Date:   2018-04-12T08:31:36Z

    DROP TABLE tests.

----


> Missing SQL-DDL Authorization
> -----------------------------
>
>                 Key: IGNITE-8135
>                 URL: https://issues.apache.org/jira/browse/IGNITE-8135
>             Project: Ignite
>          Issue Type: Task
>          Components: sql
>    Affects Versions: 2.5
>            Reporter: Alexey Kukushkin
>            Assignee: Vladimir Ozerov
>            Priority: Major
>             Fix For: 2.5
>
>
> Ignite has infrastructure to support 3-rd party security plugins. To support authorization, Ignite has security checks spread all over the code delegating actual authorization to a 3rd party security plugins if configured.
> In addition to existing checks, Ignite 2.5 will authorise "create" and "destroy" cache operations.
> The problem is authorization is not implemented for SQL at all - even if authorization is enabled, it is currently possible to run any SQL to create/drop/alter caches and read/modify/remove the cache data thus bypassing security. The problem exists for both DDL (create/drop/alter table) and DML (select/merge/insert/delete).
> This ticket addresses DDL only: DML will be addressed by a different ticket.
> The problem must be fixed for all clients: Ignite client and server nodes, Java and .NET thin clients, ODBC and JDBC, REST.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)