Posted to issues@kudu.apache.org by "Todd Lipcon (JIRA)" <ji...@apache.org> on 2017/03/09 22:48:37 UTC
[jira] [Created] (KUDU-1918) Prevent hijacking of scanners by other users
Todd Lipcon created KUDU-1918:
---------------------------------
Summary: Prevent hijacking of scanners by other users
Key: KUDU-1918
URL: https://issues.apache.org/jira/browse/KUDU-1918
Project: Kudu
Issue Type: Improvement
Components: security, tserver
Affects Versions: 1.3.0
Reporter: Todd Lipcon
Currently the UUIDs used for scanner IDs are using boost::uuid, which doesn't necessarily use a secure random source. If these turn out to be predictable, some attack around scanner hijacking might be possible. We should use an unpredictable source for scanner IDs, or save the original authenticated user in the Scanner and ensure that the authentication does not switch mid-scan.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
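
The two mitigations proposed in the issue, combined in one sketch: scanner IDs drawn from the kernel CSPRNG, and the authenticated user saved with the scanner and checked on every continuation. This is an added example, not Kudu code; ScannerRegistry, ScanStatus and their methods are hypothetical names, and it assumes a system that provides /dev/urandom.

```cpp
#include <cstdio>
#include <fstream>
#include <map>
#include <stdexcept>
#include <string>

// Hypothetical types for illustration; not Kudu's scanner manager.
enum class ScanStatus { kOk, kNotFound, kNotAuthorized };

class ScannerRegistry {
 public:
  // Registers a scanner owned by the authenticated user and returns its ID.
  std::string NewScanner(const std::string& authn_user) {
    std::string id;
    do { id = RandomId(); } while (owners_.count(id) != 0);
    owners_[id] = authn_user;
    return id;
  }

  // Called for each continuation request with the user authenticated on
  // the connection that sent it.
  ScanStatus Continue(const std::string& id,
                      const std::string& authn_user) const {
    auto it = owners_.find(id);
    if (it == owners_.end()) return ScanStatus::kNotFound;
    // Knowing the ID is not sufficient: the caller must be the user that
    // opened the scan, so the identity cannot switch mid-scan.
    if (it->second != authn_user) return ScanStatus::kNotAuthorized;
    return ScanStatus::kOk;
  }

 private:
  // 128 bits read from the kernel CSPRNG, hex-encoded.
  static std::string RandomId() {
    unsigned char buf[16];
    std::ifstream urandom("/dev/urandom", std::ios::binary);
    if (!urandom.read(reinterpret_cast<char*>(buf), sizeof(buf)))
      throw std::runtime_error("cannot read /dev/urandom");
    std::string hex;
    char byte[3];
    for (unsigned char b : buf) {
      std::snprintf(byte, sizeof(byte), "%02x", b);
      hex += byte;
    }
    return hex;
  }

  std::map<std::string, std::string> owners_;  // scanner ID -> owning user
};
```

A server can report kNotAuthorized to the client with the same error it uses for kNotFound, so that a response never confirms that a guessed ID exists.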