[jira] [Closed] (IGNITE-2675) ODBC: Query ID is insecure.

Fri, 19 Feb 2016 03:13:58 -0800 

     [ 
https://issues.apache.org/jira/browse/IGNITE-2675?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Vladimir Ozerov closed IGNITE-2675.
-----------------------------------

> ODBC: Query ID is insecure.
> ---------------------------
>
>                 Key: IGNITE-2675
>                 URL: https://issues.apache.org/jira/browse/IGNITE-2675
>             Project: Ignite
>          Issue Type: Sub-task
>          Components: odbc
>    Affects Versions: 1.5.0.final
>            Reporter: Vladimir Ozerov
>            Assignee: Vladimir Ozerov
>            Priority: Critical
>             Fix For: 1.6
>
>
> Query cursor ID is created using AtomicLong. It means that malicious user 
> could easily read data from any other cursor by simply bruteforcing 
> identifiers.
> To fix that query ID must be a composite of current session ID and unique 
> identifier.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to