RANGER-1095

Invert authorization logic in RangerSolrAuthorizer


Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 0.6.0
    • Fix Version/s: 0.7.0, 0.6.1
    • Component/s: None
    • Labels: None

    Description

      The RangerSolrAuthorizer controls access via a boolean "isDenied" which defaults to false. However, there is a try statement which just logs an error. This is a potential security risk, as a malformed request could cause (e.g.) an NPE which will result in 200 being returned.
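
The fail-open pattern described above, next to a fail-closed variant, as an added example (not code from Apache Ranger or from the reporter). The class name, the `policyAllows` helper, the 403 status for a denial and the sample requests are assumptions made for illustration.

```java
import java.util.Map;

// Added illustration only: hypothetical names, not code from Apache Ranger.
public class FailClosedAuthzDemo {
    static final int OK = 200;
    static final int FORBIDDEN = 403; // assumed status for a denied request

    // Hypothetical policy check: throws a NullPointerException when "user" is missing.
    static boolean policyAllows(Map<String, String> request) {
        String user = request.get("user");
        return user.equals("alice") && "read".equals(request.get("action"));
    }

    // Pattern from the description: the deny flag defaults to false and the
    // exception is only logged, so a failed evaluation ends in 200.
    static int authorizeFailOpen(Map<String, String> request) {
        boolean isDenied = false;
        try {
            if (!policyAllows(request)) {
                isDenied = true;
            }
        } catch (Exception e) {
            System.err.println("Error evaluating request: " + e);
        }
        return isDenied ? FORBIDDEN : OK;
    }

    // Inverted logic: the allow flag defaults to false, so access is granted
    // only when the check runs to completion and returns true.
    static int authorizeFailClosed(Map<String, String> request) {
        boolean isAllowed = false;
        try {
            isAllowed = policyAllows(request);
        } catch (Exception e) {
            System.err.println("Error evaluating request, denying: " + e);
        }
        return isAllowed ? OK : FORBIDDEN;
    }

    public static void main(String[] args) {
        // Constructed sample requests; the second one omits the "user" key.
        Map<String, String> valid = Map.of("user", "alice", "action", "read");
        Map<String, String> malformed = Map.of("action", "read");
        System.out.println("valid, fail-open:       " + authorizeFailOpen(valid));
        System.out.println("malformed, fail-open:   " + authorizeFailOpen(malformed));
        System.out.println("valid, fail-closed:     " + authorizeFailClosed(valid));
        System.out.println("malformed, fail-closed: " + authorizeFailClosed(malformed));
    }
}
```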

            People

              Assignee: coheigea Colm O hEigeartaigh
              Reporter: coheigea Colm O hEigeartaigh