[HBASE-11434] [AccessController] Disallow inbound cells with reserved tags - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 0.99.0, 0.98.4
Component/s: None
Labels:
None

Hadoop Flags:

Reviewed

Description

The AccessController allows users to store cells with ACL tags encoded by the client. This isn't a security issue currently, because in order to store the cell the user must have a relevant WRITE grant, and the user is allowed to specify whatever ACL for the cell they'd like. However it could become a correctness problem in the future, if we introduce format sanity checking or the like, so let's disallow inbound mutations containing cells with reserved tags like the VisibilityController does.

The check is skipped if the active user is a superuser. First, superusers are allowed to do anything. Second, replication (as superuser) must be able to store incoming cells with ACL tags.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

HBASE-11434.patch
01/Jul/14 20:53
11 kB
Andrew Kyle Purtell
HBASE-11434.patch
01/Jul/14 20:20
11 kB
Andrew Kyle Purtell
HBASE-11434.patch
29/Jun/14 02:32
9 kB
Andrew Kyle Purtell
HBASE-11434.patch
28/Jun/14 18:11
9 kB
Andrew Kyle Purtell

Activity

People

Assignee:: Andrew Kyle Purtell

Reporter:: Andrew Kyle Purtell

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 28/Jun/14 18:09

Updated:: 06/Apr/18 17:51

Resolved:: 04/Jul/14 00:42