[
https://issues.apache.org/jira/browse/IGNITE-2675?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15150529#comment-15150529
]
Igor Sapego commented on IGNITE-2675:
-------------------------------------
Resolved by IGNITE-2643. New {{OdbcRequestHandler}} is now created for every
connection so client can't get access to any queries that have not been created
using current connection.
> ODBC: Query ID is insecure.
> ---------------------------
>
> Key: IGNITE-2675
> URL: https://issues.apache.org/jira/browse/IGNITE-2675
> Project: Ignite
> Issue Type: Sub-task
> Components: odbc
> Affects Versions: 1.5.0.final
> Reporter: Vladimir Ozerov
> Assignee: Igor Sapego
> Priority: Critical
> Fix For: 1.6
>
>
> Query cursor ID is created using AtomicLong. It means that malicious user
> could easily read data from any other cursor by simply bruteforcing
> identifiers.
> To fix that query ID must be a composite of current session ID and unique
> identifier.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
