[ https://issues.apache.org/jira/browse/PHOENIX-3126?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15402796#comment-15402796 ]
Enis Soztutar commented on PHOENIX-3126: ---------------------------------------- +1 for 4.8. This looks like a serious enough issue. Both HConnectionKey (at the HConnection level) and ConnectionId at the tcp level connection to RS's contain the UGI information for HBase. Doing this for Phoenix makes sense. > The driver implementation should take into account the context of the user > -------------------------------------------------------------------------- > > Key: PHOENIX-3126 > URL: https://issues.apache.org/jira/browse/PHOENIX-3126 > Project: Phoenix > Issue Type: Bug > Reporter: Devaraj Das > Attachments: PHOENIX-3126.txt, aaaa.java > > > Ran into this issue ... > We have an application that proxies various users internally and fires > queries for those users. The Phoenix driver implementation caches connections > it successfully creates and keys it by the ConnectionInfo. The ConnectionInfo > doesn't take into consideration the "user". So random users (including those > that aren't supposed to access) can access the tables in this sort of a setup. > The fix is to also consider the User in the ConnectionInfo. -- This message was sent by Atlassian JIRA (v6.3.4#6332)