[jira] [Updated] (KUDU-1918) Prevent hijacking of scanners by other users

Grant Henke (JIRA) Fri, 16 Feb 2018 06:17:55 -0800

     [ 
https://issues.apache.org/jira/browse/KUDU-1918?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Grant Henke updated KUDU-1918:
------------------------------
    Status: Open  (was: In Review)

> Prevent hijacking of scanners by other users
> --------------------------------------------
>
>                 Key: KUDU-1918
>                 URL: https://issues.apache.org/jira/browse/KUDU-1918
>             Project: Kudu
>          Issue Type: Improvement
>          Components: security, tserver
>    Affects Versions: 1.3.0
>            Reporter: Todd Lipcon
>            Assignee: Todd Lipcon
>            Priority: Major
>
> Currently the UUIDs used for scanner IDs are using boost::uuid, which doesn't 
> necessarily use a secure random source. If these turn out to be predictable, 
> some attack around scanner hijacking might be possible. We should use an 
> unpredictable source for scanner IDs, or save the original authenticated user 
> in the Scanner and ensure that the authentication does not switch mid-scan.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Updated] (KUDU-1918) Prevent hijacking of scanners by other users

Reply via email to