Vladimir Ozerov commented on IGNITE-8135:

Test run: 

> Missing SQL-DDL Authorization
> -----------------------------
>                 Key: IGNITE-8135
>                 URL: https://issues.apache.org/jira/browse/IGNITE-8135
>             Project: Ignite
>          Issue Type: Task
>          Components: sql
>    Affects Versions: 2.5
>            Reporter: Alexey Kukushkin
>            Assignee: Vladimir Ozerov
>            Priority: Major
>             Fix For: 2.5
> Ignite has infrastructure to support 3-rd party security plugins. To support 
> authorization, Ignite has security checks spread all over the code delegating 
> actual authorization to a 3rd party security plugins if configured.
> In addition to existing checks, Ignite 2.5 will authorise "create" and 
> "destroy" cache operations.
> The problem is authorization is not implemented for SQL at all - even if 
> authorization is enabled, it is currently possible to run any SQL to 
> create/drop/alter caches and read/modify/remove the cache data thus bypassing 
> security. The problem exists for both DDL (create/drop/alter table) and DML 
> (select/merge/insert/delete).
> This ticket addresses DDL only: DML will be addressed by a different ticket.
> The problem must be fixed for all clients: Ignite client and server nodes, 
> Java and .NET thin clients, ODBC and JDBC, REST.

This message was sent by Atlassian JIRA

Reply via email to