[
https://issues.apache.org/jira/browse/DRILL-5882?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16210272#comment-16210272
]
ASF GitHub Bot commented on DRILL-5882:
---------------------------------------
Github user bitblender commented on a diff in the pull request:
https://github.com/apache/drill/pull/997#discussion_r145568130
--- Diff: contrib/native/client/src/clientlib/drillClientImpl.cpp ---
@@ -595,6 +611,12 @@ connectionStatus_t
DrillClientImpl::validateHandshake(DrillUserProperties* prope
switch(this->m_handshakeStatus) {
case exec::user::SUCCESS:
+ // Check if client needs auth/encryption and server is not
requiring it
--- End diff --
Yes. The control flow goes through the AUTH_REQUIRED case when the server
requires auth.
> C++ Client: [Threat Modeling] Drillbit may be spoofed by an attacker and this
> may lead to data being written to the attacker's target instead of Drillbit
> ---------------------------------------------------------------------------------------------------------------------------------------------------------
>
> Key: DRILL-5882
> URL: https://issues.apache.org/jira/browse/DRILL-5882
> Project: Apache Drill
> Issue Type: Sub-task
> Components: Client - C++
> Reporter: Sorabh Hamirwasia
> Assignee: Karthikeyan Manivannan
> Fix For: 1.12.0
>
>
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
