Jared Stewart created GEODE-2153:
------------------------------------
Summary: PostProcessor security
Key: GEODE-2153
URL: https://issues.apache.org/jira/browse/GEODE-2153
Project: Geode
Issue Type: Improvement
Components: security
Reporter: Jared Stewart
I have started a server and locator using the sample RedactingPostProcessor
implementation. I created a /customers region and inserted a Customer:
{code}
Region<String, Customer> region = connectToRegion("customers");
Customer customer = new Customer(1L, "FirstName", "LastName",
"123-456-7890");
region.put("galen", customer);
{code}
The following query and get operation show our customer's SSN getting redacted
as expected:
{code}
Customer customerFromGet = region.get("galen");
//{ type = com.jaredjstewart.Customer, customerId = 1, firstName = FirstName,
lastName = LastName, ssn = ********** }
Object customerFromQuery = queryService.newQuery("select * from
/customers").execute();
//{ type = com.jaredjstewart.Customer, customerId = 1, firstName = FirstName,
lastName = LastName, ssn = ********** }
{code}
However, it is possible to leak information by accessing the field which is
supposed to be redacted in a where clause:
{code}
Object customer = queryService.newQuery("select c from /customers c where
c.socialSecurityNumber='123-456-7890'").execute();
//this redacts but still leaks the vital information
{code}
It is also possible to query the field directly:
{code}
Object customerSSN = queryService.newQuery("select c.socialSecurityNumber from
/customers c").execute();
{code}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
