[
https://issues.apache.org/jira/browse/DRILL-5882?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16210263#comment-16210263
]
ASF GitHub Bot commented on DRILL-5882:
---------------------------------------
Github user bitblender commented on a diff in the pull request:
https://github.com/apache/drill/pull/997#discussion_r145567205
--- Diff: contrib/native/client/src/clientlib/drillClientImpl.cpp ---
@@ -595,6 +611,12 @@ connectionStatus_t
DrillClientImpl::validateHandshake(DrillUserProperties* prope
switch(this->m_handshakeStatus) {
case exec::user::SUCCESS:
+ // Check if client needs auth/encryption and server is not
requiring it
+ if(clientNeedsAuthentication(properties) ||
clientNeedsEncryption(properties)) {
--- End diff --
- Externalized the messages to errmsgs.cpp
- Changed the error message to "Client needs a secure connection but server
does not support... " to account for the case where auth and/or enc is required
by the client but missing on the server
> C++ Client: [Threat Modeling] Drillbit may be spoofed by an attacker and this
> may lead to data being written to the attacker's target instead of Drillbit
> ---------------------------------------------------------------------------------------------------------------------------------------------------------
>
> Key: DRILL-5882
> URL: https://issues.apache.org/jira/browse/DRILL-5882
> Project: Apache Drill
> Issue Type: Sub-task
> Components: Client - C++
> Reporter: Sorabh Hamirwasia
> Assignee: Karthikeyan Manivannan
> Fix For: 1.12.0
>
>
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
