[
https://issues.apache.org/jira/browse/IGNITE-8135?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16435430#comment-16435430
]
ASF GitHub Bot commented on IGNITE-8135:
----------------------------------------
Github user devozerov closed the pull request at:
https://github.com/apache/ignite/pull/3801
> Missing SQL-DDL Authorization
> -----------------------------
>
> Key: IGNITE-8135
> URL: https://issues.apache.org/jira/browse/IGNITE-8135
> Project: Ignite
> Issue Type: Task
> Components: sql
> Affects Versions: 2.5
> Reporter: Alexey Kukushkin
> Assignee: Vladimir Ozerov
> Priority: Major
> Fix For: 2.5
>
>
> Ignite has infrastructure to support 3-rd party security plugins. To support
> authorization, Ignite has security checks spread all over the code delegating
> actual authorization to a 3rd party security plugins if configured.
> In addition to existing checks, Ignite 2.5 will authorise "create" and
> "destroy" cache operations.
> The problem is authorization is not implemented for SQL at all - even if
> authorization is enabled, it is currently possible to run any SQL to
> create/drop/alter caches and read/modify/remove the cache data thus bypassing
> security. The problem exists for both DDL (create/drop/alter table) and DML
> (select/merge/insert/delete).
> This ticket addresses DDL only: DML will be addressed by a different ticket.
> The problem must be fixed for all clients: Ignite client and server nodes,
> Java and .NET thin clients, ODBC and JDBC, REST.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
