Uploaded image for project: 'Ignite'
  1. Ignite
  2. IGNITE-7457

Authorization happens on the Client not Server

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Open
    • Priority: Minor
    • Resolution: Unresolved
    • Affects Version/s: 2.3
    • Fix Version/s: None
    • Component/s: cache, clients, general
    • Labels:
    • Environment:

      2.3.0 Gentoo Linux J1.8

      Description

      Whilst writing an Authentication/Authorization plugin I noticed that authorization ( GridSecurityProcessor.authorize(...) ) takes place on the client rather than on the server (new node authentication takes part on the server). This seems a little insecure as the client can easily deploy with a modified (or without the) plugin.

       

      Just an observation...

        Attachments

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              deviljelly Paul Anderson
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated: