You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@geode.apache.org by "Jared Stewart (JIRA)" <ji...@apache.org> on 2016/11/30 00:12:58 UTC

[jira] [Updated] (GEODE-2153) PostProcessor security

     [ https://issues.apache.org/jira/browse/GEODE-2153?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jared Stewart updated GEODE-2153:
---------------------------------
    Description: 
I have started a server and locator using the sample RedactingPostProcessor implementation.  I created a /customers region and inserted a Customer: 

{code}
 Region<String, Customer> region = connectToRegion("customers");
Customer customer = new Customer(1L, "FirstName", "LastName", "123-456-7890");
region.put("galen", customer);
{code}

The following query and get operation show our customer's SSN getting redacted as expected:
{code}
Customer customerFromGet = region.get("galen"); 
//{ type = com.jaredjstewart.Customer, customerId = 1, firstName = FirstName, lastName = LastName, ssn = ********** }
Object customerFromQuery = queryService.newQuery("select * from /customers").execute();
//{ type = com.jaredjstewart.Customer, customerId = 1, firstName = FirstName, lastName = LastName, ssn = ********** }
{code}

However, it is possible to leak information by accessing the field which is supposed to be redacted in a where clause:

{code}
     Object customer = queryService.newQuery("select c from /customers c where c.socialSecurityNumber='123-456-7890'").execute();
 //this redacts but still leaks the vital information
{code}

It is also possible to query the field directly:

{code}
Object customerSSN = queryService.newQuery("select c.socialSecurityNumber from /customers c").execute();
{code}


  was:
I have started a server and locator using the sample RedactingPostProcessor implementation.  I created a /customers region and inserted a Customer: 

{code}
 Region<String, Customer> region = connectToRegion("customers");

    Customer customer = new Customer(1L, "FirstName", "LastName", "123-456-7890");

    region.put("galen", customer);
{code}

The following query and get operation show our customer's SSN getting redacted as expected:
{code}
    Customer customerFromGet = region.get("galen"); 
//{ type = com.jaredjstewart.Customer, customerId = 1, firstName = FirstName, lastName = LastName, ssn = ********** }
  
    Object customerFromQuery = queryService.newQuery("select * from /customers").execute();
//{ type = com.jaredjstewart.Customer, customerId = 1, firstName = FirstName, lastName = LastName, ssn = ********** }
{code}

However, it is possible to leak information by accessing the field which is supposed to be redacted in a where clause:

{code}
     Object customer = queryService.newQuery("select c from /customers c where c.socialSecurityNumber='123-456-7890'").execute();
 //this redacts but still leaks the vital information
{code}

It is also possible to query the field directly:

{code}
Object customerSSN = queryService.newQuery("select c.socialSecurityNumber from /customers c").execute();
{code}



> PostProcessor security
> ----------------------
>
>                 Key: GEODE-2153
>                 URL: https://issues.apache.org/jira/browse/GEODE-2153
>             Project: Geode
>          Issue Type: Improvement
>          Components: security
>            Reporter: Jared Stewart
>
> I have started a server and locator using the sample RedactingPostProcessor implementation.  I created a /customers region and inserted a Customer: 
> {code}
>  Region<String, Customer> region = connectToRegion("customers");
> Customer customer = new Customer(1L, "FirstName", "LastName", "123-456-7890");
> region.put("galen", customer);
> {code}
> The following query and get operation show our customer's SSN getting redacted as expected:
> {code}
> Customer customerFromGet = region.get("galen"); 
> //{ type = com.jaredjstewart.Customer, customerId = 1, firstName = FirstName, lastName = LastName, ssn = ********** }
> Object customerFromQuery = queryService.newQuery("select * from /customers").execute();
> //{ type = com.jaredjstewart.Customer, customerId = 1, firstName = FirstName, lastName = LastName, ssn = ********** }
> {code}
> However, it is possible to leak information by accessing the field which is supposed to be redacted in a where clause:
> {code}
>      Object customer = queryService.newQuery("select c from /customers c where c.socialSecurityNumber='123-456-7890'").execute();
>  //this redacts but still leaks the vital information
> {code}
> It is also possible to query the field directly:
> {code}
> Object customerSSN = queryService.newQuery("select c.socialSecurityNumber from /customers c").execute();
> {code}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)