[
https://issues.apache.org/jira/browse/RANGER-1095?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15373038#comment-15373038
]
rangerqa commented on RANGER-1095:
----------------------------------
{color:red}-1 overall{color}. Here are the results of testing the latest
attachment
http://issues.apache.org/jira/secure/attachment/12817449/0001-RANGER-1095-Invert-authorization-logic-in-RangerSolr.patch
against master revision e191a4b.
{color:red}-1 patch{color}. master compilation may be broken.
Console output:
https://builds.apache.org/job/PreCommit-RANGER-Build/292//console
This message is automatically generated.
> Invert authorization logic in RangerSolrAuthorizer
> --------------------------------------------------
>
> Key: RANGER-1095
> URL: https://issues.apache.org/jira/browse/RANGER-1095
> Project: Ranger
> Issue Type: Bug
> Affects Versions: 0.6.0
> Reporter: Colm O hEigeartaigh
> Assignee: Colm O hEigeartaigh
> Fix For: 0.7.0
>
> Attachments:
> 0001-RANGER-1095-Invert-authorization-logic-in-RangerSolr.patch
>
>
> The RangerSolrAuthorizer controls access via a boolean "isDenied" which
> defaults to false. However, there is a try statement which just logs an
> error. This is a potential security risk, as a malformed request could cause
> (e.g.) a NPE which will result in 200 being returned.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
