[
https://issues.apache.org/jira/browse/HBASE-10823?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13967424#comment-13967424
]
ramkrishna.s.vasudevan commented on HBASE-10823:
------------------------------------------------
bq.Also we have to consider exact version deletion [ deleteColumns() and
deleteColumn() ]
Regarding the exact version deletion pls see the comment in HBASE-10885. The
exact version deletion also check for the preceeding version though the latest
version allows the permission. I think we can check this once again? What you
think Andy?
This patch is fine with the case of future timestamps.
bq.So in the acl check place also we might have to do ts based cell skip.
+1.
Good, interesting issue. Sorry for being late into this.
> Resolve LATEST_TIMESTAMP to current server time before scanning for ACLs
> ------------------------------------------------------------------------
>
> Key: HBASE-10823
> URL: https://issues.apache.org/jira/browse/HBASE-10823
> Project: HBase
> Issue Type: Improvement
> Affects Versions: 0.98.1
> Reporter: Andrew Purtell
> Assignee: Andrew Purtell
> Priority: Minor
> Fix For: 0.99.0, 0.98.2
>
> Attachments: HBASE-10823.patch, HBASE-10823.patch, HBASE-10823.patch,
> test.patch
>
>
> Storing values with timestamps in the future is probably bad practice and can
> lead to surprises. If cells with timestamps in the future have ACLs,
> permissions from those ACLs will incorrectly be considered for authorizing
> the pending mutation. For sure that will be surprising.
> We should be able to avoid this case by resolving LATEST_TIMESTAMP to the
> current server time when creating the internal scanner for finding ACLs in
> the covered cell set.
> Documenting a todo item from a discussion between [~anoop.hbase] and myself.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
