Details
-
Bug
-
Status: Closed
-
Major
-
Resolution: Fixed
-
None
-
None
-
None
Description
Ran into this issue ...
We have an application that proxies various users internally and fires queries for those users. The Phoenix driver implementation caches connections it successfully creates and keys it by the ConnectionInfo. The ConnectionInfo doesn't take into consideration the "user". So random users (including those that aren't supposed to access) can access the tables in this sort of a setup.
The fix is to also consider the User in the ConnectionInfo.
Attachments
Attachments
Issue Links
- breaks
-
PHOENIX-3164 PhoenixConnection leak in PQS with security enabled
- Closed