Cassandra
  1. Cassandra
  2. CASSANDRA-5144

Validate login for Thrift describe_keyspace, describe_keyspaces and set_keyspace methods

    Details

    • Type: Bug Bug
    • Status: Resolved
    • Priority: Trivial Trivial
    • Resolution: Fixed
    • Fix Version/s: 1.2.1
    • Component/s: None
    • Labels:
      None

      Description

      Not validating login leaks info about keyspaces and columnfamilies if the configured authenticator requires validation.

      This change does not affect AllowAllAuthenticator, but if an implementation forbids anonymous access, we should deny this information to unauthenticated users.

      1. 5144.txt
        3 kB
        Aleksey Yeschenko

        Activity

          People

          • Assignee:
            Aleksey Yeschenko
            Reporter:
            Aleksey Yeschenko
            Reviewer:
            Jonathan Ellis
          • Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development