[ https://issues.apache.org/jira/browse/HBASE-10823?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13970245#comment-13970245 ]
Hudson commented on HBASE-10823: -------------------------------- FAILURE: Integrated in HBase-TRUNK #5087 (See [https://builds.apache.org/job/HBase-TRUNK/5087/]) HBASE-10823 Resolve LATEST_TIMESTAMP to current server time before scanning for ACLs (apurtell: rev 1587648) * /hbase/trunk/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java * /hbase/trunk/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/TableAuthManager.java * /hbase/trunk/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestCellACLWithMultipleVersions.java * /hbase/trunk/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestCellACLs.java > Resolve LATEST_TIMESTAMP to current server time before scanning for ACLs > ------------------------------------------------------------------------ > > Key: HBASE-10823 > URL: https://issues.apache.org/jira/browse/HBASE-10823 > Project: HBase > Issue Type: Improvement > Affects Versions: 0.98.1 > Reporter: Andrew Purtell > Assignee: Andrew Purtell > Priority: Minor > Fix For: 0.99.0, 0.98.2 > > Attachments: HBASE-10823.patch, HBASE-10823.patch, HBASE-10823.patch, > test.patch > > > Storing values with timestamps in the future is probably bad practice and can > lead to surprises. If cells with timestamps in the future have ACLs, > permissions from those ACLs will incorrectly be considered for authorizing > the pending mutation. For sure that will be surprising. > We should be able to avoid this case by resolving LATEST_TIMESTAMP to the > current server time when creating the internal scanner for finding ACLs in > the covered cell set. > Documenting a todo item from a discussion between [~anoop.hbase] and myself. -- This message was sent by Atlassian JIRA (v6.2#6252)