[
https://issues.apache.org/jira/browse/IGNITE-7457?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Paul Anderson updated IGNITE-7457:
----------------------------------
Description:
Whilst writing an Authentication/Authorization plugin I noticed that
authorization ( GridSecurityProcessor.authorize(...) ) takes place on the
client rather than on the server (new node authentication takes part on the
server). This seems a little insecure as the client can easily deploy with a
modified (or without the) plugin.
Just an observation...
was:
Whilst writing an Authentication/Authorization plugin I noticed that
authorization ( GridOsSecurityProcessor.authorize(...) ) takes place on the
client rather than on the server (new node authentication takes part on the
server). This seems a little insecure as the client can easily deploy with a
modified (or without the) plugin.
Just an observation...
> Authorization happens on the Client not Server
> ----------------------------------------------
>
> Key: IGNITE-7457
> URL: https://issues.apache.org/jira/browse/IGNITE-7457
> Project: Ignite
> Issue Type: Bug
> Components: cache, clients, general
> Affects Versions: 2.3
> Environment: 2.3.0 Gentoo Linux J1.8
> Reporter: Paul Anderson
> Priority: Minor
> Labels: security
>
> Whilst writing an Authentication/Authorization plugin I noticed that
> authorization ( GridSecurityProcessor.authorize(...) ) takes place on the
> client rather than on the server (new node authentication takes part on the
> server). This seems a little insecure as the client can easily deploy with a
> modified (or without the) plugin.
>
> Just an observation...
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
