[jira] [Created] (IGNITE-14005) IgniteClient.cache() method

2021-01-16 Thread ERIC FOONG CHEE SOON (Jira)
ERIC FOONG CHEE SOON created IGNITE-14005:

 Summary: IgniteClient.cache() method
 Key: IGNITE-14005
 URL: https://issues.apache.org/jira/browse/IGNITE-14005
 Project: Ignite
  Issue Type: Bug
  Components: binary
Affects Versions: 2.9.1
Reporter: ERIC FOONG CHEE SOON


I use Apache Ignite 2.9.1.

Found that the org.apache.ignite.client.IgniteCache.cache() method does not have 
a security check. 

For example:

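import org.apache.ignite.Ignition;
import org.apache.ignite.client.ClientCache;
import org.apache.ignite.client.IgniteClient;
import org.apache.ignite.configuration.ClientConfiguration;

// Thin client configured with a user name and a null password.
ClientConfiguration config = new ClientConfiguration()
    .setAddresses("127.0.0.1:10800")
    .setUserName("user01")
    .setUserPassword(null);

try (IgniteClient client = Ignition.startClient(config)) {
    // Obtain the cache by name, then write and read back one entry.
    ClientCache<String, String> cache = client.cache("common_cache");
    cache.put("key", "some_value");
    System.out.println("Cache " + cache.getName() + " key=" + cache.get("key"));
}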

 

Found that client.cache("common_cache") does not have the security permission 
check.

 

 



--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[MTCGA]: new failures in builds [5830080] needs to be handled

2021-01-16 Thread dpavlov . tasks
Hi Igniters,

 I've detected a new issue on TeamCity that needs to be handled. You are more than 
welcome to help.

 *New Critical Failure in master Cache (Restarts) 1 
https://ci.ignite.apache.org/buildConfiguration/IgniteTests24Java8_CacheRestarts1?branch=%3Cdefault%3E
 No changes in the build

 - Here's a reminder of what contributors agreed to do 
https://cwiki.apache.org/confluence/display/IGNITE/How+to+Contribute 
 - Should you have any questions please contact dev@ignite.apache.org 

Best Regards,
Apache Ignite TeamCity Bot 
https://github.com/apache/ignite-teamcity-bot
Notification generated at 03:44:51 17-01-2021 


[jira] [Created] (IGNITE-14004) Customized TrustManager bypasses certificate verification

2021-01-16 Thread Ya Xiao (Jira)
Ya Xiao created IGNITE-14004:


 Summary: Customized TrustManager bypasses certificate verification
 Key: IGNITE-14004
 URL: https://issues.apache.org/jira/browse/IGNITE-14004
 Project: Ignite
  Issue Type: Improvement
Reporter: Ya Xiao


We found a security vulnerability in file 
[ignite/modules/core/src/main/java/org/apache/ignite/internal/client/ssl/GridSslBasicContextFactory.java|https://github.com/apache/ignite/blob/be3072ff278a2542e41d008b5379473867df3814/modules/core/src/main/java/org/apache/ignite/internal/client/ssl/GridSslBasicContextFactory.java].
 The customized TrustManager (at Line 502) allows all certificates to pass 
verification.

*Security Impact*:

The checkClientTrusted and checkServerTrusted methods are expected to implement 
the certificate validation logic. Bypassing it could allow man-in-the-middle 
attacks.

*Useful Resources*:

[https://cwe.mitre.org/data/definitions/295.html]

[https://developer.android.com/training/articles/security-ssl|https://developer.android.com/training/articles/security-ssl#SelfSigned]

*Solution we suggest:*

Do not customize the TrustManager, or specify the certificate validation logic 
instead of allowing all certificates. See 
[here|https://developer.android.com/training/articles/security-ssl] to securely 
allow self-signed certificates and other common cases.

*Please share with us your opinions/comments if there is any:*

Is the bug report helpful?



--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Created] (IGNITE-14003) OOM on creating rebalance iterator while rebalancing cache with large values.

2021-01-16 Thread Ivan Daschinskiy (Jira)
Ivan Daschinskiy created IGNITE-14003:

 Summary: OOM on creating rebalance iterator while rebalancing 
cache with large values.
 Key: IGNITE-14003
 URL: https://issues.apache.org/jira/browse/IGNITE-14003
 Project: Ignite
  Issue Type: Bug
Affects Versions: 2.9.1, 2.8.1, 2.9
Reporter: Ivan Daschinskiy


Scenario:
1. Start a replicated cache on an Ignite node, memory region approx 6 Gb, heap 1Gb
2. Load a significant amount of data into the cache with values approx 200Kb (~20K kv 
pairs)
3. Start another node 

The first node (supplier) will crash with OOM while initializing the rebalance iterator.
Main reason -- all values pointed to from a leaf of the BTree are loaded 
into the buffer in BPlusTree#ForwardCursor. For a replicated cache, 512 iterators for 
each partition are created at once.

Reproducer is attached.




--
This message was sent by Atlassian Jira
(v8.3.4#803005)