[jira] [Created] (RANGER-1095) Invert authorization logic in RangerSolrAuthorizer

Colm O hEigeartaigh (JIRA) Tue, 12 Jul 2016 08:00:42 -0700

Colm O hEigeartaigh created RANGER-1095:
-------------------------------------------


             Summary: Invert authorization logic in RangerSolrAuthorizer
                 Key: RANGER-1095
                 URL: https://issues.apache.org/jira/browse/RANGER-1095
             Project: Ranger
          Issue Type: Bug
    Affects Versions: 0.6.0
            Reporter: Colm O hEigeartaigh
            Assignee: Colm O hEigeartaigh
             Fix For: 0.7.0


The RangerSolrAuthorizer controls access via a boolean "isDenied" which 
defaults to false. However, there is a try statement which just logs an error. 
This is a potential security risk, as a malformed request could cause (e.g.) a 
NPE which will result in 200 being returned.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Created] (RANGER-1095) Invert authorization logic in RangerSolrAuthorizer

Reply via email to