[jira] [Updated] (RANGER-1095) Invert authorization logic in RangerSolrAuthorizer

Colm O hEigeartaigh (JIRA) Thu, 21 Jul 2016 02:37:30 -0700

     [ 
https://issues.apache.org/jira/browse/RANGER-1095?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Colm O hEigeartaigh updated RANGER-1095:
----------------------------------------
    Fix Version/s: 0.6.1

> Invert authorization logic in RangerSolrAuthorizer
> --------------------------------------------------
>
>                 Key: RANGER-1095
>                 URL: https://issues.apache.org/jira/browse/RANGER-1095
>             Project: Ranger
>          Issue Type: Bug
>    Affects Versions: 0.6.0
>            Reporter: Colm O hEigeartaigh
>            Assignee: Colm O hEigeartaigh
>             Fix For: 0.7.0, 0.6.1
>
>         Attachments: 
> 0001-RANGER-1095-Invert-authorization-logic-in-RangerSolr.patch
>
>
> The RangerSolrAuthorizer controls access via a boolean "isDenied" which 
> defaults to false. However, there is a try statement which just logs an 
> error. This is a potential security risk, as a malformed request could cause 
> (e.g.) a NPE which will result in 200 being returned.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Updated] (RANGER-1095) Invert authorization logic in RangerSolrAuthorizer

Reply via email to