[
https://issues.apache.org/jira/browse/RANGER-5141?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17926664#comment-17926664
]
Abhishek Jain commented on RANGER-5141:
---------------------------------------
*For example:*
Column '{_}Address{_}' in Table '{_}Employee{_}' is of type String and has
*alphanumeric* values like '{_}Bangalore 560034{_}', 'Chennai 600005' etc.
With redact masking option, these values will be encoded like '{_}xxxxxxxxx
nnnnnn{_}', '{_}xxxxxxx nnnnnn{_}' respectively.
Hence, the user can interpret that this column has values containing both
alphabets and numbers.
> [Column Masking] : Security Loop hole for Columns having alphanumeric values
> using "Redact" Masking option
> ----------------------------------------------------------------------------------------------------------
>
> Key: RANGER-5141
> URL: https://issues.apache.org/jira/browse/RANGER-5141
> Project: Ranger
> Issue Type: Bug
> Components: Ranger
> Affects Versions: 2.4.0
> Reporter: Abhishek Jain
> Priority: Major
> Labels: improvement, masking, security-issue
>
> Ranger partially exposes the columns having alphanumeric sensitive
> values(String DataType) if the column is masked using ranger's column masking
> policy with "redact" option.
> _+*Steps to Reproduce:*+_
> 1) Create Hive table and insert data in it.
> 2) Create Ranger Column Masking Policy on a string type column (with
> alphanumeric values) for <testuser> with redact option.
> 3) Fetch this column using <testuser> user in hive/beeline.
> _*With such behaviour, it becomes easier for the un-authorised users i.e
> <testuser> to guess these sensitive values of this particular column masked
> with "redact" option.*_
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
