Uploaded image for project: 'Ignite'
  1. Ignite
  2. IGNITE-8135

Missing SQL-DDL Authorization

    XMLWordPrintableJSON

Details

    • Task
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • 2.5
    • 2.5
    • sql
    • None

    Description

      Ignite has infrastructure to support 3-rd party security plugins. To support authorization, Ignite has security checks spread all over the code delegating actual authorization to a 3rd party security plugins if configured.

      In addition to existing checks, Ignite 2.5 will authorise "create" and "destroy" cache operations.

      The problem is authorization is not implemented for SQL at all - even if authorization is enabled, it is currently possible to run any SQL to create/drop/alter caches and read/modify/remove the cache data thus bypassing security. The problem exists for both DDL (create/drop/alter table) and DML (select/merge/insert/delete).

      This ticket addresses DDL only: DML will be addressed by a different ticket.

      The problem must be fixed for all clients: Ignite client and server nodes, Java and .NET thin clients, ODBC and JDBC, REST.

      Attachments

        Issue Links

          links to

          Web Link GitHub Pull Request #3801

          Activity

            People

              vozerov Vladimir Ozerov
              kukushal Alexey Kukushkin
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: