[
https://issues.apache.org/jira/browse/PHOENIX-3126?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15402796#comment-15402796
]
Enis Soztutar commented on PHOENIX-3126:
----------------------------------------
+1 for 4.8. This looks like a serious enough issue.
Both HConnectionKey (at the HConnection level) and ConnectionId at the tcp
level connection to RS's contain the UGI information for HBase. Doing this for
Phoenix makes sense.
> The driver implementation should take into account the context of the user
> --------------------------------------------------------------------------
>
> Key: PHOENIX-3126
> URL: https://issues.apache.org/jira/browse/PHOENIX-3126
> Project: Phoenix
> Issue Type: Bug
> Reporter: Devaraj Das
> Attachments: PHOENIX-3126.txt, aaaa.java
>
>
> Ran into this issue ...
> We have an application that proxies various users internally and fires
> queries for those users. The Phoenix driver implementation caches connections
> it successfully creates and keys it by the ConnectionInfo. The ConnectionInfo
> doesn't take into consideration the "user". So random users (including those
> that aren't supposed to access) can access the tables in this sort of a setup.
> The fix is to also consider the User in the ConnectionInfo.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
