Cassandra
  1. Cassandra
  2. CASSANDRA-5144

Validate login for Thrift describe_keyspace, describe_keyspaces and set_keyspace methods

    Details

    • Type: Bug Bug
    • Status: Resolved
    • Priority: Trivial Trivial
    • Resolution: Fixed
    • Fix Version/s: 1.2.1
    • Component/s: None
    • Labels:
      None

      Description

      Not validating login leaks info about keyspaces and columnfamilies if the configured authenticator requires validation.

      This change does not affect AllowAllAuthenticator, but if an implementation forbids anonymous access, we should deny this information to unauthenticated users.

      1. 5144.txt
        3 kB
        Aleksey Yeschenko

        Activity

        Hide
        Jonathan Ellis added a comment -

        Thrift has AuthenticationException and AuthorizationException instead of IRE. Otherwise +1

        Show
        Jonathan Ellis added a comment - Thrift has AuthenticationException and AuthorizationException instead of IRE. Otherwise +1
        Hide
        Aleksey Yeschenko added a comment - - edited

        Can't use Thrift

        {Authentication,Authorization}Exception

        without breaking thrift interface.

        Committed with changes: removed the conversion method from ThriftConversion.

        Thanks.

        Show
        Aleksey Yeschenko added a comment - - edited Can't use Thrift {Authentication,Authorization}Exception without breaking thrift interface. Committed with changes: removed the conversion method from ThriftConversion. Thanks.

          People

          • Assignee:
            Aleksey Yeschenko
            Reporter:
            Aleksey Yeschenko
            Reviewer:
            Jonathan Ellis
          • Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development