You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cassandra.apache.org by "Jonathan Ellis (JIRA)" <ji...@apache.org> on 2013/01/11 00:44:12 UTC
[jira] [Commented] (CASSANDRA-5144) Validate login for Thrift
describe_keyspace, describe_keyspaces and set_keyspace methods
[ https://issues.apache.org/jira/browse/CASSANDRA-5144?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13550567#comment-13550567 ]
Jonathan Ellis commented on CASSANDRA-5144:
-------------------------------------------
Thrift has AuthenticationException and AuthorizationException instead of IRE. Otherwise +1
> Validate login for Thrift describe_keyspace, describe_keyspaces and set_keyspace methods
> ----------------------------------------------------------------------------------------
>
> Key: CASSANDRA-5144
> URL: https://issues.apache.org/jira/browse/CASSANDRA-5144
> Project: Cassandra
> Issue Type: Bug
> Affects Versions: 1.2.0
> Reporter: Aleksey Yeschenko
> Assignee: Aleksey Yeschenko
> Priority: Trivial
> Fix For: 1.2.1
>
> Attachments: 5144.txt
>
>
> Not validating login leaks info about keyspaces and columnfamilies if the configured authenticator requires validation.
> This change does not affect AllowAllAuthenticator, but if an implementation forbids anonymous access, we should deny this information to unauthenticated users.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira