ASF GitHub Bot commented on IGNITE-8135:

GitHub user devozerov opened a pull request:




You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/gridgain/apache-ignite ignite-8135

Alternatively you can review and apply these changes as the patch at:


To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #3801
commit 208803b724303f1ecc0bfa1a0af9020b916709d0
Author: devozerov <vozerov@...>
Date:   2018-04-12T08:31:36Z

    DROP TABLE tests.


> Missing SQL-DDL Authorization
> -----------------------------
>                 Key: IGNITE-8135
>                 URL: https://issues.apache.org/jira/browse/IGNITE-8135
>             Project: Ignite
>          Issue Type: Task
>          Components: sql
>    Affects Versions: 2.5
>            Reporter: Alexey Kukushkin
>            Assignee: Vladimir Ozerov
>            Priority: Major
>             Fix For: 2.5
> Ignite has infrastructure to support 3-rd party security plugins. To support 
> authorization, Ignite has security checks spread all over the code delegating 
> actual authorization to a 3rd party security plugins if configured.
> In addition to existing checks, Ignite 2.5 will authorise "create" and 
> "destroy" cache operations.
> The problem is authorization is not implemented for SQL at all - even if 
> authorization is enabled, it is currently possible to run any SQL to 
> create/drop/alter caches and read/modify/remove the cache data thus bypassing 
> security. The problem exists for both DDL (create/drop/alter table) and DML 
> (select/merge/insert/delete).
> This ticket addresses DDL only: DML will be addressed by a different ticket.
> The problem must be fixed for all clients: Ignite client and server nodes, 
> Java and .NET thin clients, ODBC and JDBC, REST.

This message was sent by Atlassian JIRA

Reply via email to