[
https://issues.apache.org/jira/browse/HBASE-10883?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13956382#comment-13956382
]
Andrew Purtell commented on HBASE-10883:
----------------------------------------
{code}
+ private final String regex = "[A-Za-z_0-9]*";
{code}
I think this should be
{code}
+ private final String regex = "[A-Za-z\\_][A-Za-z0-9\\_\\-]*";
{code}
but this is a minor thing, if you want the other then no problem.
The regex should be precompiled since it may be applied often.
Like Anoop says, we need to validate authorizations and labels the same way now.
> Restrict the universe of labels and authorizations
> --------------------------------------------------
>
> Key: HBASE-10883
> URL: https://issues.apache.org/jira/browse/HBASE-10883
> Project: HBase
> Issue Type: Improvement
> Affects Versions: 0.98.1
> Reporter: Andrew Purtell
> Fix For: 0.99.0, 0.98.2
>
> Attachments: HBASE-10883.patch
>
>
> Currently we allow any string as visibility label or request authorization.
> However as seen on HBASE-10878, we accept for authorizations strings that
> would not work if provided as labels in visibility expressions. We should
> throw an exception at least in cases where someone tries to define or use a
> label or authorization including visibility expression operators '&', '|',
> '!', '(', ')'.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
