You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@ignite.apache.org by "Vladimir Ozerov (JIRA)" <ji...@apache.org> on 2018/04/03 10:53:00 UTC
[jira] [Commented] (IGNITE-6856) SQL: invalid security checks
during query execution
[ https://issues.apache.org/jira/browse/IGNITE-6856?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16423838#comment-16423838 ]
Vladimir Ozerov commented on IGNITE-6856:
-----------------------------------------
Apparently, the problem is deeper than I thought in the first place.
1) SQL permissions have never worked correctly. If query is executed through cache API, then we only check permissions against this cache. It means, that if one has read permission to one cache, it could be used as a "window" for all other caches.
2) Our new DML and DDL commands are not integrated into security circuit anyhow at the moment. They require different checks and permissions comparing to {{SELECT}} statements. Also note that with DDL we need to have completely new permissions for {{CREATE/DROP INDEX}}.
> SQL: invalid security checks during query execution
> ---------------------------------------------------
>
> Key: IGNITE-6856
> URL: https://issues.apache.org/jira/browse/IGNITE-6856
> Project: Ignite
> Issue Type: Bug
> Components: cache, sql
> Affects Versions: 2.3
> Reporter: Vladimir Ozerov
> Priority: Major
> Fix For: 2.5
>
>
> Currently security check is performed inside {{IgniteCacheProxy}}. This is wrong place. Instead, we should perform it inside query processor after parsing when all affected caches are known.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)