Uploaded image for project: 'Cassandra'
  1. Cassandra
  2. CASSANDRA-5144

Validate login for Thrift describe_keyspace, describe_keyspaces and set_keyspace methods

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Trivial
    • Resolution: Fixed
    • Fix Version/s: 1.2.1
    • Component/s: None
    • Labels:
      None

      Description

      Not validating login leaks info about keyspaces and columnfamilies if the configured authenticator requires validation.

      This change does not affect AllowAllAuthenticator, but if an implementation forbids anonymous access, we should deny this information to unauthenticated users.

        Attachments

        1. 5144.txt
          3 kB
          Aleksey Yeschenko

          Activity

            People

            • Assignee:
              iamaleksey Aleksey Yeschenko
              Reporter:
              iamaleksey Aleksey Yeschenko
              Reviewer:
              Jonathan Ellis
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: