[
https://issues.apache.org/jira/browse/ACCUMULO-891?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Mike Drob resolved ACCUMULO-891.
--------------------------------
Resolution: Won't Fix
Assignee: (was: Christopher Tubbs)
Looking over the code paths, I'm not sure this actually matters. I didn't see
anywhere where the user authorizations from the system were actually exposed to
the client, so there's no opportunity to muck with things maliciously.
> Authorizations not actually immutable
> -------------------------------------
>
> Key: ACCUMULO-891
> URL: https://issues.apache.org/jira/browse/ACCUMULO-891
> Project: Accumulo
> Issue Type: Bug
> Components: client
> Affects Versions: 1.4.2
> Reporter: Mike Drob
> Labels: newbie
> Attachments: AuthorizationsTest.java
>
>
> Instances of {{Authorizations}} are not actually immutable, despite the API
> making it seem like they are. A user can make changes that will write-through
> to the backing data by using the ByteBuffer getter.
> This is a potential issue if a trusted application acts as a connection
> broker between accumulo and untrusted clients.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
