Uploaded image for project: 'Ranger'
  1. Ranger
  2. RANGER-1095

Invert authorization logic in RangerSolrAuthorizer

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • 0.6.0
    • 0.7.0, 0.6.1
    • None
    • None

    Description

      The RangerSolrAuthorizer controls access via a boolean "isDenied" which defaults to false. However, there is a try statement which just logs an error. This is a potential security risk, as a malformed request could cause (e.g.) a NPE which will result in 200 being returned.

      Attachments

        Issue Links

          breaks

          Bug - A problem which impairs or prevents the functions of the product. RANGER-1446 Ranger Solr Plugin does not work when the collection list in the request is empty

          • Critical - Crashes, loss of data, severe memory leak.
          • Resolved
          is related to

          Bug - A problem which impairs or prevents the functions of the product. RANGER-1171 Invert authorization logic in RangerKafkaAuthorizer

          • Major - Major loss of function.
          • Resolved

          Activity

            People

              coheigea Colm O hEigeartaigh
              coheigea Colm O hEigeartaigh
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: