[ https://issues.apache.org/jira/browse/HBASE-6253?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13398658#comment-13398658 ]
Andrew Purtell edited comment on HBASE-6253 at 6/21/12 6:03 PM: ---------------------------------------------------------------- How can a user drop the ACL table if they are not authorized to do it? The string {{_ acl _}} as table name has no special meaning unless the AccessController is installed. So -1 a core change that encodes it. Edit: Fix formatting (kind of) was (Author: apurtell): How can a user drop the ACL table if they are not authorized to do it? The string "_acl_" as table name has no meaning unless the AccessController is installed. So -1 a core change that encodes it. > isLegalTableName API should check for the _acl_ table name > ---------------------------------------------------------- > > Key: HBASE-6253 > URL: https://issues.apache.org/jira/browse/HBASE-6253 > Project: HBase > Issue Type: Bug > Affects Versions: 0.94.0 > Reporter: Gopinathan A > Fix For: 0.94.1 > > Attachments: HBASE-6253.patch > > > Currently HTableDescriptor.isLegalTableName API doesn't check for the _acl_ > table name, due to this user can able to disable/enable/drop/create the acl > table. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira