You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@hbase.apache.org by "Anoop Sam John (JIRA)" <ji...@apache.org> on 2014/07/01 08:12:24 UTC

[jira] [Commented] (HBASE-11434) [AccessController] Disallow inbound cells with reserved tags

    [ https://issues.apache.org/jira/browse/HBASE-11434?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14048559#comment-14048559 ] 

Anoop Sam John commented on HBASE-11434:
----------------------------------------

{code}
+    // set up the list of users with superuser privilege
+    superusers = Lists.asList(userProvider.getCurrentUserName(),
+      conf.getStrings(AccessControlLists.SUPERUSER_CONF_KEY, new String[0]));
{code}
And  UserProvider#getCurrentUserName() returns user.getName().
We should use user.getShortName()  (?)

And previously this List of users were creating by
{code}
-    String currentUser = user.getShortName();
-    List<String> superusers = Lists.asList(currentUser, conf.getStrings(
-      AccessControlLists.SUPERUSER_CONF_KEY, new String[0]));
{code}
So we used getShortName().

> [AccessController] Disallow inbound cells with reserved tags
> ------------------------------------------------------------
>
>                 Key: HBASE-11434
>                 URL: https://issues.apache.org/jira/browse/HBASE-11434
>             Project: HBase
>          Issue Type: Improvement
>            Reporter: Andrew Purtell
>            Assignee: Andrew Purtell
>             Fix For: 0.99.0, 0.98.4
>
>         Attachments: HBASE-11434.patch, HBASE-11434.patch
>
>
> The AccessController allows users to store cells with ACL tags encoded by the client. This isn't a security issue currently, because in order to store the cell the user must have a relevant WRITE grant, and the user is allowed to specify whatever ACL for the cell they'd like. However it could become a correctness problem in the future, if we introduce format sanity checking or the like, so let's disallow inbound mutations containing cells with reserved tags like the VisibilityController does. 
> The check is skipped if the active user is a superuser. First, superusers are allowed to do anything. Second, replication (as superuser) must be able to store incoming cells with ACL tags. 



--
This message was sent by Atlassian JIRA
(v6.2#6252)