[
https://issues.apache.org/jira/browse/HBASE-19634?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16304511#comment-16304511
]
Duo Zhang commented on HBASE-19634:
-----------------------------------
[~stack] Do you think we should add permission check for executeProcedure and
also reportProcedureDone? For example, only allow the super user and the user
who start master and RS to call these methods?
Thanks.
> Confirm that we do not leak the privilege for modifying replication peer to
> unauthorized user
> ---------------------------------------------------------------------------------------------
>
> Key: HBASE-19634
> URL: https://issues.apache.org/jira/browse/HBASE-19634
> Project: HBase
> Issue Type: Sub-task
> Components: proc-v2, Replication
> Reporter: Duo Zhang
>
> This is important, the actual refresh on RS is trigger by the
> executeProcedure call and it will pass some information. These information
> should not be fully trusted since anyone can all this method. We need to make
> sure that the actual data/state for a replication peer is always loaded from
> the replication storage, not from the parameter of the executeProcedure call.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
