[jira] [Commented] (CASSANDRA-4933) SimpleAuthority is incompatible with new Permissions and "resources lists"

Fri, 09 Nov 2012 06:00:19 -0800 

    [ 
https://issues.apache.org/jira/browse/CASSANDRA-4933?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13493999#comment-13493999
 ] 

Jonathan Ellis commented on CASSANDRA-4933:
-------------------------------------------

That's right.
                
> SimpleAuthority is incompatible with new Permissions and "resources lists"
> --------------------------------------------------------------------------
>
>                 Key: CASSANDRA-4933
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-4933
>             Project: Cassandra
>          Issue Type: Bug
>    Affects Versions: 1.1.6
>         Environment: Previously 1.1.0 + Authentication patch CASSANDRA-4155 
> (working).
> Currently: 1.1.6 (not working)
>            Reporter: Michał Michalski
>            Assignee: Michał Michalski
>            Priority: Trivial
>         Attachments: cassandra-1.1.6-issue-4933.txt
>
>
> Commit aba5a37650232dbf10b505c04b257f73b6c9b579 by Pavel Yaskevich introduced 
> some significant changes in Permissions system. Except new permission types, 
> also resource hierarchy has changed - previously creating a keyspace was 
> requesting for for WRITE permission for /cassandra/keyspaces. Now it requests 
> for CREATE permission for /cassandra/keyspaces/<new-keyspace-name>. This 
> change brakes the SimpleAuthority code that relies on the length of the 
> resource list which differs now - we cannot distinguish operations that 
> modify keyspaces (perviously: resource list of length 2; currently: 3) from 
> these ones that read it or so (resource list of length 3).
> I've prepared a patch that fixes it in the way that I understand it should 
> work now (comment in 1.1.6's IAuthority.java is out of date and refers to old 
> READ/WRITE permissions only). 
> Yes, I know that SimpleAuth(enticator/ority) are deprecated, should not be 
> used in production and so on, but even if they are unsufficient as a 
> protection from external threats, they're still good enough in our case as a 
> very basic protection from accidental changes made by developers ;) 

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Reply via email to