Alexey Kukushkin created IGNITE-8135:

             Summary: Missing SQL-DDL Authorization
                 Key: IGNITE-8135
             Project: Ignite
          Issue Type: Task
          Components: sql
    Affects Versions: 2.5
            Reporter: Alexey Kukushkin

Ignite has infrastructure to support 3-rd party security plugins. To support 
authorization, Ignite has security checks spread all over the code delegating 
actual authorization to a 3rd party security plugins if configured.

In addition to existing checks, Ignite 2.5 will authorise "create" and 
"destroy" cache operations.

The problem is authorization is not implemented for SQL at all - even if 
authorization is enabled, it is currently possible to run any SQL to 
create/drop/alter caches and read/modify/remove the cache data thus bypassing 
security. The problem exists for both DDL (create/drop/alter table) and DML 

This ticket addresses DDL only: DML will be addressed by a different ticket.


This message was sent by Atlassian JIRA

Reply via email to