You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@ignite.apache.org by "Vladimir Ozerov (JIRA)" <ji...@apache.org> on 2018/04/12 09:00:00 UTC

[jira] [Assigned] (IGNITE-8135) Missing SQL-DDL Authorization

     [ https://issues.apache.org/jira/browse/IGNITE-8135?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Vladimir Ozerov reassigned IGNITE-8135:
---------------------------------------

    Assignee: Vladimir Ozerov

> Missing SQL-DDL Authorization
> -----------------------------
>
>                 Key: IGNITE-8135
>                 URL: https://issues.apache.org/jira/browse/IGNITE-8135
>             Project: Ignite
>          Issue Type: Task
>          Components: sql
>    Affects Versions: 2.5
>            Reporter: Alexey Kukushkin
>            Assignee: Vladimir Ozerov
>            Priority: Major
>             Fix For: 2.5
>
>
> Ignite has infrastructure to support 3-rd party security plugins. To support authorization, Ignite has security checks spread all over the code delegating actual authorization to a 3rd party security plugins if configured.
> In addition to existing checks, Ignite 2.5 will authorise "create" and "destroy" cache operations.
> The problem is authorization is not implemented for SQL at all - even if authorization is enabled, it is currently possible to run any SQL to create/drop/alter caches and read/modify/remove the cache data thus bypassing security. The problem exists for both DDL (create/drop/alter table) and DML (select/merge/insert/delete).
> This ticket addresses DDL only: DML will be addressed by a different ticket.
> The problem must be fixed for all clients: Ignite client and server nodes, Java and .NET thin clients, ODBC and JDBC, REST.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)