[
https://issues.apache.org/jira/browse/PHOENIX-3126?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15404629#comment-15404629
]
Andrew Purtell commented on PHOENIX-3126:
-----------------------------------------
I don't think we would see a null but that's a set of 'famous last words' right
before your process blows up with an NPE, so good to make this change just in
case. Also worth logging if it ever is null? - because that's going to be a
security problem.
> The driver implementation should take into account the context of the user
> --------------------------------------------------------------------------
>
> Key: PHOENIX-3126
> URL: https://issues.apache.org/jira/browse/PHOENIX-3126
> Project: Phoenix
> Issue Type: Bug
> Reporter: Devaraj Das
> Fix For: 4.8.0
>
> Attachments: PHOENIX-3126.txt, aaaa.java
>
>
> Ran into this issue ...
> We have an application that proxies various users internally and fires
> queries for those users. The Phoenix driver implementation caches connections
> it successfully creates and keys it by the ConnectionInfo. The ConnectionInfo
> doesn't take into consideration the "user". So random users (including those
> that aren't supposed to access) can access the tables in this sort of a setup.
> The fix is to also consider the User in the ConnectionInfo.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
