Ignite / IGNITE-9560

Security Engine fixes and test coverage. Phase #1.


Details

    • Task
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • 2.6
    • 2.8
    • security

    Description

      Compute and other public APIs, which are able to run arbitrary code at a remote node, now run it with the remote node's permissions.

      Affected API:

      • IgniteEvents,
      • CQ,
      • Compute,
      • Services,
      • Entry processor,
      • Data Streamer,
      • Scan Query,
      • Cache load,
      • Messaging,
      • ...

      So, the original security context is now ignored at remote executions.

      We have to:
      1) Fix the Security Engine to use the original Security Context at remote executions
      2) Cover every securable public API (only the most important ones at phase #1) with appropriate tests

      • APIs that require special permissions to be executed should be checked to require them
      • Remote executions should be checked to be executed in the original Security Context
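
The failure mode described above, as a self-contained toy model in Java. This is an added example, not Ignite code and not part of the original issue: `SecurityContext`, `Job`, `Node`, `cachePut` and the permission strings are hypothetical stand-ins. With `useInitiatorCtx` off, a job from a client without cache-write permission is authorised against the server node's own rights; with it on, the same job is denied.

```java
import java.util.Set;
import java.util.function.Supplier;

/** Toy model, not Ignite code: every class and method name here is hypothetical. */
public class RemoteSecurityContextDemo {
    /** Subject name plus the permissions granted to it. */
    record SecurityContext(String subject, Set<String> perms) {}

    /** Job shipped to a remote node; it carries the initiator's context with it. */
    record Job(SecurityContext initiator, Supplier<String> body) {}

    static class Node {
        final SecurityContext local;      // the node's own identity
        final boolean useInitiatorCtx;    // false = behaviour described in the issue
        private final ThreadLocal<SecurityContext> current = new ThreadLocal<>();

        Node(SecurityContext local, boolean useInitiatorCtx) {
            this.local = local;
            this.useInitiatorCtx = useInitiatorCtx;
        }

        /** Runs the job body under either the initiator's or the node's context. */
        String execute(Job job) {
            current.set(useInitiatorCtx ? job.initiator() : local);
            try { return job.body().get(); }
            finally { current.remove(); }  // never leak a context to the next job on this thread
        }

        /** Securable operation: authorised against whatever context is current. */
        String cachePut(String key) {
            SecurityContext ctx = current.get();
            if (!ctx.perms().contains("CACHE_PUT"))
                throw new SecurityException(ctx.subject() + " lacks CACHE_PUT");
            return "put " + key + " as " + ctx.subject();
        }
    }

    /** The shape of a coverage test: submit a client job and report the outcome. */
    static String run(Node node, SecurityContext client) {
        try { return node.execute(new Job(client, () -> node.cachePut("k"))); }
        catch (SecurityException e) { return "denied: " + e.getMessage(); }
    }

    public static void main(String[] args) {
        SecurityContext server = new SecurityContext("server", Set.of("CACHE_PUT", "TASK_EXECUTE"));
        SecurityContext client = new SecurityContext("client", Set.of("TASK_EXECUTE"));
        System.out.println(run(new Node(server, false), client)); // node context: the reported bug
        System.out.println(run(new Node(server, true), client));  // initiator context: the goal of item 1
    }
}
```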

            People

              avinogradov Anton Vinogradov (Obsolete, actual is "av")