Roberta Marton created TRAFODION-2330:
-----------------------------------------

             Summary: Using trafci, a select from a table succeeds even if the 
user does not have the priv
                 Key: TRAFODION-2330
                 URL: https://issues.apache.org/jira/browse/TRAFODION-2330
             Project: Apache Trafodion
          Issue Type: Bug
          Components: sql-general
            Reporter: Roberta Marton
            Assignee: Roberta Marton


When connecting to Trafodion through trafci, an available mxosrvr is found and 
a new session is started.  If the previous session was associated with a user 
other than the current user, the caches are not invalidated.  There is a 
potential for the current user to be able to perform the same queries as the 
previous user whether or not they have the correct privileges.

To recreate:

enable security
set number of mxosrvr to 1 in the conf file.
restart dcs
bring up a trafci session and perform queries for sql_user1
stop trafci and bring up trafci as sql_user2
sql_user2 can perform the same queries as sql_user1



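A minimal model of the stale-cache behaviour described in this report, added here as an illustration and not Trafodion code. It assumes that privileges are checked only when a query is first compiled into a cache held by the reused server process; `PooledServer`, `GRANTS`, `replay` and the table `t1` are hypothetical names.

```python
# Added illustration; a hypothetical model, not Trafodion source code.
class PrivilegeError(Exception):
    pass

# Constructed grants: only sql_user1 may SELECT from t1.
GRANTS = {("sql_user1", "t1")}

class PooledServer:
    """Stand-in for a single long-lived server process reused across sessions."""

    def __init__(self, invalidate_on_user_change):
        self.invalidate_on_user_change = invalidate_on_user_change
        self.session_user = None
        # Assumption: query text -> compiled plan, privilege checked on miss only.
        self.plan_cache = {}

    def start_session(self, user):
        # Hardened behaviour: drop cached state when the session user changes.
        if self.invalidate_on_user_change and user != self.session_user:
            self.plan_cache.clear()
        self.session_user = user

    def select(self, table):
        query = f"SELECT * FROM {table}"
        if query not in self.plan_cache:
            if (self.session_user, table) not in GRANTS:
                raise PrivilegeError(f"{self.session_user} lacks SELECT on {table}")
            self.plan_cache[query] = f"plan({table})"
        # A cache hit skips the privilege check entirely.
        return self.plan_cache[query]

def replay(server):
    """Replay the reproduction steps; True means sql_user2's select succeeded."""
    server.start_session("sql_user1")
    server.select("t1")                 # sql_user1 populates the cache
    server.start_session("sql_user2")   # same server process, new user
    try:
        server.select("t1")
        return True
    except PrivilegeError:
        return False

if __name__ == "__main__":
    print("no invalidation, sql_user2 allowed:", replay(PooledServer(False)))
    print("invalidate on user change, sql_user2 allowed:", replay(PooledServer(True)))
```

With a single server in the pool, as in the reproduction steps, every new session lands on the same cache, which is why the second user inherits the first user's results.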