Github user joshelser commented on the issue:
https://github.com/apache/phoenix/pull/191
> My thinking is this (but I should probably test it): says userA uses
phoenix, then userB starts using Phoenix. This implies that userA would be
logged out and I would hope that subsequent interactions with Phoenix by the
"human" userA would fail because its credentials are no longer there (the RPCs
themselves would fail). In other words, my thinking is that the RPC
authentication would protect us in Phoenix from this being an issue.
No dice. This is still a hole (although not a new hole as I understand it).
Will track this separately.
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---
