[ 
https://issues.apache.org/jira/browse/ACCUMULO-246?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13429230#comment-13429230
 ] 

Keith Turner commented on ACCUMULO-246:
---------------------------------------

bq. In some cases, security posture may prefer no messages of any kind so that 
scanning by malicious user does not give any hints if the data is there, if the 
authorizations are correct.

The current code does not give any indication if the data exists or not.  It 
throws an exception when the scan auths are not a subset of the auths 
configured for the user. So the exception is based on configuration, not data 
existence.
                
> Improve scan authorizations behavior
> ------------------------------------
>
>                 Key: ACCUMULO-246
>                 URL: https://issues.apache.org/jira/browse/ACCUMULO-246
>             Project: Accumulo
>          Issue Type: Task
>          Components: client
>            Reporter: Billie Rinaldi
>              Labels: authorization, scan
>             Fix For: 1.5.0
>
>
> When a user creates a scanner a set of Authorizations is passed.  If the 
> authorizations passed to the scanner are not a subset of the user's 
> authorizations, then an exception is thrown.  An alternative would be to 
> intersect the set of scan authorizations with the user's authorizations.  
> Many users have had trouble understanding the "silent intersection" behavior, 
> which resulted in switching to throwing an Exception.  However, in situations 
> where the user's authorizations are lazily updated, and for very long running 
> scans, intersection would be preferable.  Possible fixes are 1) adding a flag 
> to indicate whether to intersect or throw an exception or 2) making it easier 
> for the user to perform the intersection manually (which would fix some 
> issues, but not the long-running scans).

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: 
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
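
Added example, not part of the original message and not Accumulo's code: a simplified Python model of the two behaviours discussed in the issue (throwing when the scan authorizations are not a subset of the user's, versus intersecting them). It assumes each entry's visibility is a plain set of labels that must all be held; all names and data are constructed for illustration.

```python
# Added illustration: a simplified model, not Accumulo's implementation.
# Assumption: each entry's visibility is a set of labels that must ALL be held.

class ScanAuthError(Exception):
    """Raised in strict mode when scan auths exceed the user's configured auths."""


def effective_auths(user_auths, scan_auths, intersect=False):
    """Return the labels a scan may use under the chosen policy."""
    user_auths, scan_auths = frozenset(user_auths), frozenset(scan_auths)
    if intersect:
        # "Silent intersection": labels the user lacks are dropped.
        return scan_auths & user_auths
    if not scan_auths <= user_auths:
        # Decision uses configuration only; the message names no label.
        raise ScanAuthError("scan authorizations are not a subset of user authorizations")
    return scan_auths


def scan(table, user_auths, scan_auths, intersect=False):
    """Return rows whose required labels are all within the effective auths."""
    auths = effective_auths(user_auths, scan_auths, intersect)
    return [row for row, required in table if frozenset(required) <= auths]


def strict_outcome(table, user_auths, scan_auths):
    """Return 'error' or the visible rows, for comparing tables in strict mode."""
    try:
        return scan(table, user_auths, scan_auths)
    except ScanAuthError:
        return "error"


# Constructed sample data: (row id, labels required to read it).
TABLE = [("r1", {"public"}), ("r2", {"public", "ops"}), ("r3", {"secret"})]
USER = {"public", "ops"}          # auths configured for the user
REQUESTED = {"public", "secret"}  # scan asks for a label the user lacks

if __name__ == "__main__":
    # Strict mode: same result whether or not "secret" data exists.
    print(strict_outcome(TABLE, USER, REQUESTED), strict_outcome([], USER, REQUESTED))
    # Intersect mode: the scan runs with {"public"} and returns r1 only.
    print(scan(TABLE, USER, REQUESTED, intersect=True))
    # User auth removed before a rescan (lazy update): strict fails, intersect narrows.
    print(strict_outcome(TABLE, {"public"}, {"public", "ops"}))
    print(scan(TABLE, {"public"}, {"public", "ops"}, intersect=True))
```

In strict mode the outcome is identical for the populated and the empty table, which is the configuration-only property described in the comment above.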

        
