----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/49954/#review141969 -----------------------------------------------------------
Ship it! Ship It! - Don Bosco Durai On July 12, 2016, 3:03 p.m., Colm O hEigeartaigh wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/49954/ > ----------------------------------------------------------- > > (Updated July 12, 2016, 3:03 p.m.) > > > Review request for ranger. > > > Bugs: RANGER-1095 > https://issues.apache.org/jira/browse/RANGER-1095 > > > Repository: ranger > > > Description > ------- > > The RangerSolrAuthorizer controls access via a boolean "isDenied" which > defaults to false. However, there is a try statement which just logs an > error. This is a potential security risk, as a malformed request could cause > (e.g.) a NPE which will result in 200 being returned. > > > Diffs > ----- > > > plugin-solr/src/main/java/org/apache/ranger/authorization/solr/authorizer/RangerSolrAuthorizer.java > 4376908 > > Diff: https://reviews.apache.org/r/49954/diff/ > > > Testing > ------- > > Tested locally, tests to be submitted separately. > > > Thanks, > > Colm O hEigeartaigh > >
