You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@ignite.apache.org by "Vladimir Ozerov (JIRA)" <ji...@apache.org> on 2016/02/17 13:07:18 UTC

[jira] [Created] (IGNITE-2675) ODBC: Query ID is insecure.

Vladimir Ozerov created IGNITE-2675:
---------------------------------------

             Summary: ODBC: Query ID is insecure.
                 Key: IGNITE-2675
                 URL: https://issues.apache.org/jira/browse/IGNITE-2675
             Project: Ignite
          Issue Type: Sub-task
          Components: odbc
    Affects Versions: 1.5.0.final
            Reporter: Vladimir Ozerov
            Assignee: Igor Sapego
            Priority: Critical
             Fix For: 1.6


Query cursor ID is created using AtomicLong. It means that malicious user could easily read data from any other cursor by simply bruteforcing identifiers.

To fix that query ID must be a composite of current session ID and unique identifier.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)