[ https://issues.apache.org/jira/browse/HBASE-11434?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Andrew Purtell updated HBASE-11434:
-----------------------------------

    Description: 
The AccessController allows users to store cells with ACL tags encoded by the 
client. This isn't a security issue currently, because in order to store the 
cell the user must have a relevant WRITE grant, and the user is allowed to 
specify whatever ACL for the cell they'd like. However it could become a 
correctness problem in the future, if we introduce format sanity checking or 
the like, so let's disallow inbound mutations containing cells with reserved 
tags like the VisibilityController does. 

The check is skipped if the active user is a superuser. First, superusers are 
allowed to do anything. Second, replication (as superuser) must be able to 
store incoming cells with ACL tags. 

  was:
Currently the AccessController allows users to store cells with ACL tags 
encoded by the client. This isn't a security issue currently, because in order 
to store the cell the user must have a relevant WRITE grant, and the user is 
allowed to specify whatever ACL for the cell they'd like. However it could 
become a correctness problem in the future, if we introduce format sanity 
checking or the like, so let's disallow inbound mutations containing cells with 
reserved tags like the VisibilityController does. 

The check is skipped if the active user is a superuser. First, superusers are 
allowed to do anything. Second, replication (as superuser) must be able to 
store incoming cells with ACL tags. 


> [AccessController] Disallow inbound cells with reserved tags
> ------------------------------------------------------------
>
>                 Key: HBASE-11434
>                 URL: https://issues.apache.org/jira/browse/HBASE-11434
>             Project: HBase
>          Issue Type: Improvement
>            Reporter: Andrew Purtell
>            Assignee: Andrew Purtell
>             Fix For: 0.99.0, 0.98.4
>
>
> The AccessController allows users to store cells with ACL tags encoded by the 
> client. This isn't a security issue currently, because in order to store the 
> cell the user must have a relevant WRITE grant, and the user is allowed to 
> specify whatever ACL for the cell they'd like. However it could become a 
> correctness problem in the future, if we introduce format sanity checking or 
> the like, so let's disallow inbound mutations containing cells with reserved 
> tags like the VisibilityController does. 
> The check is skipped if the active user is a superuser. First, superusers are 
> allowed to do anything. Second, replication (as superuser) must be able to 
> store incoming cells with ACL tags. 



--
This message was sent by Atlassian JIRA
(v6.2#6252)
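
An added illustration of the check this issue describes, not the HBase patch or any HBase code: a stand-alone Java model that rejects inbound cells carrying a reserved ACL tag unless the caller is a superuser. Every class and method name is hypothetical, and the tag layout (2-byte length, 1-byte type, value) and the ACL type code 1 are assumptions.

```java
import java.nio.ByteBuffer;
import java.util.List;

/** Stand-alone model of the check; none of these types are HBase classes. */
public class ReservedTagCheck {
    // Assumption: the type code reserved for ACL tags.
    static final byte ACL_TAG_TYPE = 1;

    /** Hypothetical stand-in for the server's access-denied error. */
    static class MutationRejectedException extends Exception {
        MutationRejectedException(String msg) { super(msg); }
    }

    /**
     * Walks one cell's serialized tags. Assumed layout per tag:
     * 2-byte big-endian length (covers type + value), 1-byte type, value bytes.
     * Malformed input is rejected rather than skipped.
     */
    static boolean hasReservedTag(byte[] tags) throws MutationRejectedException {
        ByteBuffer buf = ByteBuffer.wrap(tags);
        while (buf.hasRemaining()) {
            if (buf.remaining() < 3) throw new MutationRejectedException("truncated tag header");
            int len = buf.getShort() & 0xFFFF;
            if (len < 1 || len > buf.remaining()) throw new MutationRejectedException("bad tag length " + len);
            if (buf.get() == ACL_TAG_TYPE) return true;
            buf.position(buf.position() + len - 1); // skip the tag value
        }
        return false;
    }

    /** The check is skipped for superusers, which covers replication writing cells with ACL tags. */
    static void checkMutation(boolean superuser, List<byte[]> cellTags) throws MutationRejectedException {
        if (superuser) return;
        for (byte[] tags : cellTags) {
            if (hasReservedTag(tags)) throw new MutationRejectedException("cell carries a reserved tag type");
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed samples: an ordinary tag (type 64) and a client-encoded ACL tag (type 1).
        byte[] plain = {0, 3, 64, 'h', 'i'};
        byte[] acl = {0, 3, 64, 'h', 'i', 0, 2, ACL_TAG_TYPE, 0x7f};
        checkMutation(false, List.of(plain));      // ordinary user, no reserved tag
        checkMutation(true, List.of(plain, acl));  // superuser or replication path
        try {
            checkMutation(false, List.of(plain, acl));
            throw new AssertionError("expected rejection");
        } catch (MutationRejectedException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```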
