You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ignite.apache.org by "Vladimir Ozerov (JIRA)" <ji...@apache.org> on 2016/02/17 13:07:18 UTC
[jira] [Created] (IGNITE-2675) ODBC: Query ID is insecure.
Vladimir Ozerov created IGNITE-2675:
---------------------------------------
Summary: ODBC: Query ID is insecure.
Key: IGNITE-2675
URL: https://issues.apache.org/jira/browse/IGNITE-2675
Project: Ignite
Issue Type: Sub-task
Components: odbc
Affects Versions: 1.5.0.final
Reporter: Vladimir Ozerov
Assignee: Igor Sapego
Priority: Critical
Fix For: 1.6
Query cursor ID is created using AtomicLong. It means that malicious user could easily read data from any other cursor by simply bruteforcing identifiers.
To fix that query ID must be a composite of current session ID and unique identifier.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)