[
https://issues.apache.org/jira/browse/CONTINUUM-2761?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Brent N Atkinson closed CONTINUUM-2761.
---------------------------------------
Resolution: Fixed
Fixed in r1677509
> Users with limited group visibility cause expensive queries when running
> build reports
> --------------------------------------------------------------------------------------
>
> Key: CONTINUUM-2761
> URL: https://issues.apache.org/jira/browse/CONTINUUM-2761
> Project: Continuum
> Issue Type: Bug
> Reporter: Brent N Atkinson
> Assignee: Brent N Atkinson
> Fix For: 1.5.0
>
>
> As a user with limited group visibility, when running a report for ALL groups
> the entire result set is queried. The results are subsequently loaded into
> memory and are filtered based on their permissions. This allows the user to
> initiate much more expensive queries that can have a significantly negative
> effect on service health.
> An example:
> The guest user is granted permission to see only the Default Group, which is
> empty, on a server with an extremely large number of build results in other
> groups. An anonymous user visits the server and runs an open build report
> (ALL groups, ALL statuses).
> What you would expect: The anonymous user finds exactly what is visible to
> them by browsing the project group: there are no results. Because there are
> no results, the query is answered quickly.
> What actually happens: the entire build result table is scanned resulting in
> an extremely long query (due to the large number of build results). Also,
> prior to the work on CONTINUUM-2746, which uses range queries to load results
> in batches, this would crash the system with an {{OutOfMemoryError}}.
> The essence of the issue is that users can cause an effect that is
> disproportional to their privilege. Ideally, users should only be able to
> affect the system by accessing resources they actually have permission to see
> (scanning only rows they have access to).
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
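The two query shapes the issue contrasts, as an added example that is not part of the JIRA thread or of Continuum's code: a report that loads every build result and then drops what the caller may not see, beside one that intersects the requested groups with the caller's visible groups first, puts the result in the WHERE clause, and returns without touching the database when that set is empty. The sqlite schema, table and column names, group ids and the `guest`/`admin` permission map are all assumptions constructed for this example; each report function returns the visible rows together with the number of rows it loaded from the database, which is the cost the issue is about.

```python
import sqlite3

# Constructed schema modelled on the scenario in the issue (assumed names, not
# Continuum's real tables): groups hold projects, projects hold build results.
SCHEMA = """
CREATE TABLE project_group (id INTEGER PRIMARY KEY, name TEXT NOT NULL);
CREATE TABLE project (id INTEGER PRIMARY KEY,
                      group_id INTEGER NOT NULL REFERENCES project_group(id));
CREATE TABLE build_result (id INTEGER PRIMARY KEY,
                           project_id INTEGER NOT NULL REFERENCES project(id),
                           state INTEGER NOT NULL, start_time INTEGER NOT NULL);
"""

# Constructed permission map: the guest sees only the (empty) Default Group.
ACL = {"guest": {1}, "admin": {1, 2, 3}}


def visible_groups_for(user):
    return set(ACL.get(user, set()))


def make_db(n_results=5000):
    """Build an in-memory database with an empty Default Group (id 1) and
    n_results build results spread over projects in groups 2 and 3."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO project_group(id, name) VALUES (?, ?)",
                     [(1, "Default Group"), (2, "Team A"), (3, "Team B")])
    conn.executemany("INSERT INTO project(id, group_id) VALUES (?, ?)",
                     [(10, 2), (11, 2), (12, 3)])
    rows = [(i, 10 + (i % 3), i % 4, i) for i in range(n_results)]
    conn.executemany("INSERT INTO build_result(id, project_id, state, start_time)"
                     " VALUES (?, ?, ?, ?)", rows)
    conn.commit()
    return conn


BASE_SQL = ("SELECT b.id, p.group_id, b.state FROM build_result b "
            "JOIN project p ON p.id = b.project_id")


def report_filter_in_memory(conn, user, group_id=None, state=None):
    """The pattern the issue describes: run the report the caller asked for,
    load all matching rows, then discard the ones the caller may not see.
    Rows loaded scale with the whole table, not with the caller's view."""
    clauses, params = [], []
    if group_id is not None:
        clauses.append("p.group_id = ?")
        params.append(group_id)
    if state is not None:
        clauses.append("b.state = ?")
        params.append(state)
    sql = BASE_SQL + (" WHERE " + " AND ".join(clauses) if clauses else "")
    loaded = conn.execute(sql, params).fetchall()
    allowed = visible_groups_for(user)
    visible = [r for r in loaded if r[1] in allowed]
    return visible, len(loaded)


def report_filter_in_query(conn, user, group_id=None, state=None):
    """Push the permission check into the query: restrict to the groups the
    caller can see (intersected with the requested group), and answer an
    empty visible set without running any query at all."""
    allowed = visible_groups_for(user)
    if group_id is not None:
        allowed &= {group_id}
    if not allowed:
        return [], 0
    placeholders = ",".join("?" * len(allowed))
    sql = BASE_SQL + " WHERE p.group_id IN (%s)" % placeholders
    params = sorted(allowed)
    if state is not None:
        sql += " AND b.state = ?"
        params.append(state)
    loaded = conn.execute(sql, params).fetchall()
    return loaded, len(loaded)


if __name__ == "__main__":
    db = make_db()
    for user in ("guest", "admin"):
        vis, n = report_filter_in_memory(db, user)
        print("%-5s in-memory filter: %d rows loaded, %d visible" % (user, n, len(vis)))
        vis, n = report_filter_in_query(db, user)
        print("%-5s in-query filter:  %d rows loaded, %d visible" % (user, n, len(vis)))
```

Running it shows the guest's ALL groups / ALL statuses report loading every build result under the first function and none under the second, while the admin gets the same rows either way. The intersection step also covers the case the issue does not spell out: a low-privilege user naming a group they cannot see gets the same empty answer without a scan, rather than a scan of that group's rows followed by filtering.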