[
https://issues.apache.org/jira/browse/KYLIN-3569?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Zongwei Li updated KYLIN-3569:
--
Description:
>From the Docs at Kylin site,
>[http://kylin.apache.org/docs24/install/kylin_cluster.html]
* *query* : run query engine only; Kylin query engine accepts and answers your
SQL queries
It seems that if server set with 'kylin.server.mode=query', it should not can
support submit/build job. But as we tested, server with query mode still can
submit/build job from UI or RESTFul API.
We analyzed the source code, found that there didn't exist any protect logic to
check whether server is at 'job' or 'build' mode in service layer for
submit/build job. Already attach the source code in this issue.
This issue really confused us, because we considered query server cannot build
job in Kylin Docs and many Kylin books. And query server will exposed to 3rd BI
tool to query the data, if we forget to configure the suitable ACL for Cubes,
then the 3rd BI tool can trigger build job in any time.
was:
>From the Docs at Kylin site,
>[http://kylin.apache.org/docs24/install/kylin_cluster.html]
* *query* : run query engine only; Kylin query engine accepts and answers your
SQL queries
It seems that if server set with 'kylin.server.mode=query', it should not can
support submit/build job. But as we tested, server with query mode still can
submit/build job from UI or RESTFul API.
We analyzed the source code, found that there didn't exist any protect logic to
check whether server is at 'job' or 'build' mode in service layer for
submit/build job. Will attach the source code is this issue.
This issue really confused us, because we considered query server cannot build
job in Kylin Docs and many Kylin books. And query server will exposed to 3rd BI
tool to query the data, if we forget to configure the suitable ACL for Cubes,
then the 3rd BI tool can trigger build job in any time.
> Server with query mode still can submit/build job
> -
>
> Key: KYLIN-3569
> URL: https://issues.apache.org/jira/browse/KYLIN-3569
> Project: Kylin
> Issue Type: Bug
> Components: Job Engine, REST Service, Security
>Affects Versions: v2.4.1
> Environment: CentOS 6.7, HBase 1.2.0+cdh5.14.2+456
>Reporter: Zongwei Li
>Priority: Major
> Labels: build, documentation, security
> Attachments: kylinCode.png
>
>
> From the Docs at Kylin site,
> [http://kylin.apache.org/docs24/install/kylin_cluster.html]
> * *query* : run query engine only; Kylin query engine accepts and answers
> your SQL queries
> It seems that if server set with 'kylin.server.mode=query', it should not can
> support submit/build job. But as we tested, server with query mode still can
> submit/build job from UI or RESTFul API.
> We analyzed the source code, found that there didn't exist any protect logic
> to check whether server is at 'job' or 'build' mode in service layer for
> submit/build job. Already attach the source code in this issue.
> This issue really confused us, because we considered query server cannot
> build job in Kylin Docs and many Kylin books. And query server will exposed
> to 3rd BI tool to query the data, if we forget to configure the suitable ACL
> for Cubes, then the 3rd BI tool can trigger build job in any time.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)