I never thought through the implications of NOT for security labelling. It really doesn't come up in our use-cases: we always allow users to see less data by voluntarily reducing their authorizations.

After thinking about it now, my views are best represented by the arguments presented by Christopher.

> add a configurable switch that you could enable/disable the NOT operator

What would it mean if you allowed NOT labels, and then changed the parameter? Would you treat the labels as illegal?

I don't want to explain to Accumulo administrators that they should never turn that switch on to solve their visibility puzzle. I don't want to explain to an investigator that a little-used switch was mistakenly used to implement a poor visibility policy that allowed someone to see data they should not have seen.

The code looks perfectly good, does what it says it should do, is complete and has nice tests. But I would not want it in Accumulo.

-Eric

On Thu, Mar 20, 2014 at 9:27 AM, joeferner <[email protected]> wrote:

> If I were to add a configurable switch that you could enable/disable the NOT
> operator would that increase the likelihood of this patch being accepted? I
> could make it default 'disabled'.
>
> --
> View this message in context:
> http://apache-accumulo.1065345.n5.nabble.com/NOT-operator-in-visibility-string-tp7949p8310.html
> Sent from the Users mailing list archive at Nabble.com.
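
An added example, not part of the thread and not code from Accumulo or the proposed patch: a simplified label evaluator showing that with `&` and `|` alone, dropping authorizations can only hide rows, while a NOT operator breaks that property. The `!` syntax, the `&`-over-`|` precedence, the function names and the sample rows are all assumptions made for illustration.

```python
import re
from itertools import combinations

TOKEN = re.compile(r"\s*([A-Za-z0-9_]+|[&|!()])")
FULL = {"admin", "ops", "audit"}  # constructed sample authorizations and rows
POSITIVE_ROWS = {"r1": "admin&audit", "r2": "admin|ops", "r3": "(ops&audit)|admin"}
NOT_ROWS = dict(POSITIVE_ROWS, r4="ops&!admin")  # '!' is the hypothetical NOT

def visible(expr, auths):
    """Evaluate a label against a set of authorizations (simplified model)."""
    tokens, pos = TOKEN.findall(expr) + [""], 0  # "" marks end of input
    def take():
        nonlocal pos
        pos += 1
        return tokens[pos - 1]
    def atom():
        tok = take()
        if tok == "!":
            return not atom()
        if tok == "(":
            val = or_expr()
            if take() != ")":
                raise ValueError(f"missing ')' in {expr!r}")
            return val
        if tok in {"", "&", "|", ")"}:
            raise ValueError(f"expected a term in {expr!r}")
        return tok in auths
    def binary(op, operand, combine):
        val = operand()
        while tokens[pos] == op:
            take()
            val = combine(val, operand())
        return val
    def and_expr():
        return binary("&", atom, lambda a, b: a and b)
    def or_expr():
        return binary("|", and_expr, lambda a, b: a or b)
    result = or_expr()
    if tokens[pos] != "":
        raise ValueError(f"trailing tokens in {expr!r}")
    return result

def readable(rows, auths):
    return {row for row, label in rows.items() if visible(label, auths)}

def reducing_auths_only_hides(rows, full):
    """True if every subset of `full` reads a subset of what `full` reads."""
    baseline = readable(rows, full)
    return all(readable(rows, set(sub)) <= baseline
               for n in range(len(full) + 1) for sub in combinations(sorted(full), n))
```

With the constructed rows, a user holding all three authorizations cannot read `r4`, but the same user scanning with only `ops` can, so "reduce your authorizations to see less" no longer holds once NOT is allowed.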
