[ https://issues.apache.org/jira/browse/DRILL-5582?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16208842#comment-16208842 ]
ASF GitHub Bot commented on DRILL-5582: --------------------------------------- Github user sohami commented on a diff in the pull request: https://github.com/apache/drill/pull/997#discussion_r145319769 --- Diff: contrib/native/client/src/clientlib/drillClientImpl.cpp --- @@ -518,6 +518,22 @@ bool DrillClientImpl::clientNeedsEncryption(const DrillUserProperties* userPrope return needsEncryption; } +/* + * Checks if the client has explicitly expressed interest in authenticated connections only. + * If the USERPROP_PASSWORD or USERPROP_AUTH_MECHANISM connection string properties are set, + * then it is implied that the client wants authentication. + */ +bool DrillClientImpl::clientNeedsAuthentication(const DrillUserProperties* userProperties) { + bool needsAuthentication = false; + if(!userProperties) { + return false; + } + needsAuthentication = userProperties->isPropSet(USERPROP_PASSWORD) || + userProperties->isPropSet(USERPROP_AUTH_MECHANISM); --- End diff -- I think we should also check if the `password & auth parameter` value is not empty string. > [Threat Modeling] Drillbit may be spoofed by an attacker and this may lead to > data being written to the attacker's target instead of Drillbit > --------------------------------------------------------------------------------------------------------------------------------------------- > > Key: DRILL-5582 > URL: https://issues.apache.org/jira/browse/DRILL-5582 > Project: Apache Drill > Issue Type: Bug > Affects Versions: 1.10.0 > Reporter: Rob Wu > Assignee: Sorabh Hamirwasia > Priority: Minor > Labels: doc-impacting > Fix For: 1.12.0 > > > *Consider the scenario:* > Alice has a drillbit (my.drillbit.co) with plain and kerberos authentication > enabled containing important data. Bob, the attacker, attempts to spoof the > connection and redirect it to his own drillbit (fake.drillbit.co) with no > authentication setup. > When Alice is under attack and attempts to connect to her secure drillbit, > she is actually authenticating against Bob's drillbit. At this point, the > connection should have failed due to unmatched configuration. However, the > current implementation will return SUCCESS as long as the (spoofing) drillbit > has no authentication requirement set. > Currently, the drillbit <- to -> drill client connection accepts the lowest > authentication configuration set on the server. This leaves unsuspecting user > vulnerable to spoofing. -- This message was sent by Atlassian JIRA (v6.4.14#64029)