[ https://issues.apache.org/jira/browse/KUDU-1918?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16677701#comment-16677701 ]

Andrew Wong commented on KUDU-1918:
-----------------------------------

This is committed as e172df405aef47b1339c9879b835baf69b539f8c, and it should be 
noted this is a different ask than that in KUDU-1843. Quoting Adar from a 
message on gerrit distinguishing the two:
{quote}{quote}One of Todd's comments from 
[KUDU-1843|http://issues.apache.org/jira/browse/KUDU-1843] was:
 Caching the original username turns out to be a little tricky, since the WAL 
doesn't record the original username, and thus when reconstructing the request 
cache during tablet bootstrap we don't have enough information to do so. I 
think making the UUIDs unpredictable is probably a better approach.
That's still an issue, no?
{quote}
My mistake; I had followed 
[KUDU-1918|http://issues.apache.org/jira/browse/KUDU-1918] to 
[KUDU-1843|http://issues.apache.org/jira/browse/KUDU-1843], and didn't realize 
that the conversation shifted to talking about _writes_ (which are cached in 
the request cache). Scans aren't cached, so this isn't an issue here.
{quote}

> Prevent hijacking of scanners by other users
> --------------------------------------------
>
>                 Key: KUDU-1918
>                 URL: https://issues.apache.org/jira/browse/KUDU-1918
>             Project: Kudu
>          Issue Type: Improvement
>          Components: security, tserver
>    Affects Versions: 1.3.0
>            Reporter: Todd Lipcon
>            Assignee: Todd Lipcon
>            Priority: Major
>             Fix For: n/a
>
>
> Currently the UUIDs used for scanner IDs are using boost::uuid, which doesn't 
> necessarily use a secure random source. If these turn out to be predictable, 
> some attack around scanner hijacking might be possible. We should use an 
> unpredictable source for scanner IDs, or save the original authenticated user 
> in the Scanner and ensure that the authentication does not switch mid-scan.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
