[ https://issues.apache.org/jira/browse/GEODE-2153?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15712956#comment-15712956 ]

Karen Smoler Miller commented on GEODE-2153:
--------------------------------------------

Our documentation explicitly suggests using the post processing for redacting 
fields for security purposes.  Since it can't be used for that (right now), I'm 
going to change the documentation to state that fields can be formatted (not 
redacted).  In doing this, we will assure that the documentation is better if 
we release a version of Geode before this ticket completes a bug fix.  This is 
a better-safe-than-sorry documentation change.

If this ticket is completed before a new version of Geode comes out, we should 
again revise the documentation.

> PostProcessor security
> ----------------------
>
>                 Key: GEODE-2153
>                 URL: https://issues.apache.org/jira/browse/GEODE-2153
>             Project: Geode
>          Issue Type: Improvement
>          Components: security
>            Reporter: Jared Stewart
>
> I have started a server and locator using the sample RedactingPostProcessor 
> implementation.  I created a /customers region and inserted a Customer: 
> {code}
> Region<String, Customer> region = connectToRegion("customers");
> Customer customer = new Customer(1L, "FirstName", "LastName", "123-456-7890");
> region.put("galen", customer);
> {code}
> The following query and get operation show our customer's SSN getting 
> redacted as expected:
> {code}
> Customer customerFromGet = region.get("galen");
> //{ type = com.jaredjstewart.Customer, customerId = 1, firstName = FirstName, lastName = LastName, ssn = ********** }
> Object customerFromQuery = queryService.newQuery("select * from /customers").execute();
> //{ type = com.jaredjstewart.Customer, customerId = 1, firstName = FirstName, lastName = LastName, ssn = ********** }
> {code}
> However, it is possible to leak information by accessing the field which is 
> supposed to be redacted in a where clause:
> {code}
> Object customer = queryService.newQuery("select c from /customers c where c.socialSecurityNumber='123-456-7890'").execute();
> //this redacts but still leaks the vital information
> {code}
> It is also possible to query the field directly:
> {code}
> Object customerSSN = queryService.newQuery("select c.socialSecurityNumber from /customers c").execute();
> //[123-456-7890]
> {code}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
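
The two leak paths described in the issue above, reduced to a self-contained model. This is an added example, not Geode code and not code from the ticket: `query` and `postProcess` are hypothetical stand-ins for a query engine that evaluates predicates and projections on raw values and applies a type-based redacting post processor to results only (requires Java 16+).

```java
import java.util.*;
import java.util.function.*;

// Simplified model (assumption, not Geode's implementation): predicates and
// projections run on raw stored values; redaction is applied to results afterwards.
public class PostProcessorLeakModel {
    record Customer(long customerId, String firstName, String lastName, String socialSecurityNumber) {}

    // Hypothetical post processor: redacts only results that are Customer objects.
    static Object postProcess(Object value) {
        if (value instanceof Customer c) {
            return new Customer(c.customerId(), c.firstName(), c.lastName(), "**********");
        }
        return value; // a projected String is not a Customer, so it passes through unchanged
    }

    // where: filter evaluated on the raw value; select: projection taken from the raw value.
    static List<Object> query(Map<String, Customer> region,
                              Predicate<Customer> where,
                              Function<Customer, Object> select) {
        List<Object> results = new ArrayList<>();
        for (Customer raw : region.values()) {
            if (where.test(raw)) {                           // predicate sees the unredacted field
                results.add(postProcess(select.apply(raw))); // redaction happens last
            }
        }
        return results;
    }

    public static void main(String[] args) {
        Map<String, Customer> customers = new HashMap<>();
        // Constructed sample record, same values as in the ticket.
        customers.put("galen", new Customer(1L, "FirstName", "LastName", "123-456-7890"));

        // select *: the whole object reaches the post processor and is redacted.
        System.out.println(query(customers, c -> true, c -> c));
        // where on the sensitive field: the row is redacted, but a match confirms the value.
        System.out.println(query(customers,
                c -> c.socialSecurityNumber().equals("123-456-7890"), c -> c).size());
        // A non-matching value returns no rows, so the row count answers yes/no per guess.
        System.out.println(query(customers,
                c -> c.socialSecurityNumber().equals("000-00-0000"), c -> c).size());
        // Projecting the field: the result is a String, so the Customer-typed redaction never fires.
        System.out.println(query(customers, c -> true, Customer::socialSecurityNumber));
    }
}
```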
