[
https://issues.apache.org/jira/browse/IGNITE-8135?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Alexey Kukushkin updated IGNITE-8135:
-------------------------------------
Description:
Ignite has infrastructure to support 3-rd party security plugins. To support
authorization, Ignite has security checks spread all over the code delegating
actual authorization to a 3rd party security plugins if configured.
In addition to existing checks, Ignite 2.5 will authorise "create" and
"destroy" cache operations.
The problem is authorization is not implemented for SQL at all - even if
authorization is enabled, it is currently possible to run any SQL to
create/drop/alter caches and read/modify/remove the cache data thus bypassing
security. The problem exists for both DDL (create/drop/alter table) and DML
(select/merge/insert/delete).
This ticket addresses DDL only: DML will be addressed by a different ticket.
The problem must be fixed for all clients: Ignite client and server nodes, Java
and .NET thin clients, ODBC and JDBC, REST.
was:
Ignite has infrastructure to support 3-rd party security plugins. To support
authorization, Ignite has security checks spread all over the code delegating
actual authorization to a 3rd party security plugins if configured.
In addition to existing checks, Ignite 2.5 will authorise "create" and
"destroy" cache operations.
The problem is authorization is not implemented for SQL at all - even if
authorization is enabled, it is currently possible to run any SQL to
create/drop/alter caches and read/modify/remove the cache data thus bypassing
security. The problem exists for both DDL (create/drop/alter table) and DML
(select/merge/insert/delete).
This ticket addresses DDL only: DML will be addressed by a different ticket.
> Missing SQL-DDL Authorization
> -----------------------------
>
> Key: IGNITE-8135
> URL: https://issues.apache.org/jira/browse/IGNITE-8135
> Project: Ignite
> Issue Type: Task
> Components: sql
> Affects Versions: 2.5
> Reporter: Alexey Kukushkin
> Priority: Major
>
> Ignite has infrastructure to support 3-rd party security plugins. To support
> authorization, Ignite has security checks spread all over the code delegating
> actual authorization to a 3rd party security plugins if configured.
> In addition to existing checks, Ignite 2.5 will authorise "create" and
> "destroy" cache operations.
> The problem is authorization is not implemented for SQL at all - even if
> authorization is enabled, it is currently possible to run any SQL to
> create/drop/alter caches and read/modify/remove the cache data thus bypassing
> security. The problem exists for both DDL (create/drop/alter table) and DML
> (select/merge/insert/delete).
> This ticket addresses DDL only: DML will be addressed by a different ticket.
> The problem must be fixed for all clients: Ignite client and server nodes,
> Java and .NET thin clients, ODBC and JDBC, REST.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
