dlmarion commented on issue #88: URL: https://github.com/apache/accumulo-access/issues/88#issuecomment-3656709883
@keith-turner said: > > there is validation when creating a new ColumnVisibility that the Authorizations is a valid auth character > > I believe this only true for auths in the expression that are not quoted. This [code](https://github.com/apache/accumulo/blob/98549b6bfe3347d8827829de4fa4b2cdb5a649df/core/src/main/java/org/apache/accumulo/core/security/ColumnVisibility.java#L402-L412) processes quoted auths and it takes all bytes until it sees a closing quote. Ok, thanks for the pointer to the code. I think this makes my prior comment about my upgrade concerns not being an issue incorrect. @ctubbsii said: > 3\. When reading existing data, decode persisted bytes using UTF-8 decoder, and treat decoding errors as invalid visibility expression, in the same way that mismatched parentheses would be treated like an invalid visibility expression. This is a breaking change for users upgrading from an earlier release. I'm for changing the specification to be UTF-8 only, but we need to figure out a way to deal with existing data and authorizations that contain non-UTF-8 bytes in quotes. I realize that the probability of this being used is very low, but this approach will require users to rewrite their data with newer 4.0 compliant access expressions. One way to approach this would be to change the specification and AccessExpression API to only accept Strings for creating new AccessExpressions, but continue to use byte[] for Authorizations and evaluation. In this scenario, users that are using non-UTF-8 in their Auths and ColumnVisibility's would need to update their applications for data ingested after upgrading to 4.0. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
