[ https://issues.apache.org/jira/browse/KUDU-1918?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Grant Henke updated KUDU-1918:
------------------------------
    Status: Open  (was: In Review)

> Prevent hijacking of scanners by other users
> --------------------------------------------
>
>                 Key: KUDU-1918
>                 URL: https://issues.apache.org/jira/browse/KUDU-1918
>             Project: Kudu
>          Issue Type: Improvement
>          Components: security, tserver
>    Affects Versions: 1.3.0
>            Reporter: Todd Lipcon
>            Assignee: Todd Lipcon
>            Priority: Major
>
> Currently the UUIDs used for scanner IDs are using boost::uuid, which doesn't
> necessarily use a secure random source. If these turn out to be predictable,
> some attack around scanner hijacking might be possible. We should use an
> unpredictable source for scanner IDs, or save the original authenticated user
> in the Scanner and ensure that the authentication does not switch mid-scan.

--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
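
The two mitigations named in the issue description, combined in one sketch. This is an added example, not Kudu's code: `ScannerRegistry`, `NewScanner` and `Authorize` are hypothetical names, the user names are constructed, and it assumes `/dev/urandom` is available as the unpredictable source.

```cpp
#include <cstdio>
#include <fstream>
#include <map>
#include <stdexcept>
#include <string>

// Hypothetical, simplified stand-in for a tablet server's scanner registry.
class ScannerRegistry {
 public:
  // Opens a scanner for the authenticated user and returns its ID.
  std::string NewScanner(const std::string& authn_user) {
    std::string id = RandomId();
    owners_[id] = authn_user;
    return id;
  }

  // A continuation is allowed only when the ID is known AND the caller is
  // the user who opened the scan, so a guessed or leaked ID is not enough.
  bool Authorize(const std::string& id, const std::string& authn_user) const {
    auto it = owners_.find(id);
    return it != owners_.end() && it->second == authn_user;
  }

 private:
  // 128 bits from the kernel CSPRNG, hex-encoded (assumes /dev/urandom).
  static std::string RandomId() {
    unsigned char buf[16];
    std::ifstream urandom("/dev/urandom", std::ios::binary);
    if (!urandom.read(reinterpret_cast<char*>(buf), sizeof(buf)))
      throw std::runtime_error("cannot read /dev/urandom");
    static const char kHex[] = "0123456789abcdef";
    std::string id;
    for (unsigned char b : buf) {
      id += kHex[b >> 4];
      id += kHex[b & 0xf];
    }
    return id;
  }

  std::map<std::string, std::string> owners_;  // scanner ID -> owner
};

int main() {
  ScannerRegistry reg;
  std::string id = reg.NewScanner("alice");  // constructed user names
  std::printf("alice continues: %d\n", reg.Authorize(id, "alice"));
  std::printf("bob hijacks:     %d\n", reg.Authorize(id, "bob"));
  return 0;
}
```

The owner check holds even if an ID is disclosed, which the random source alone does not cover.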