[ https://issues.apache.org/jira/browse/KUDU-1918?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16677701#comment-16677701 ]
Andrew Wong commented on KUDU-1918:
-----------------------------------

This is committed as e172df405aef47b1339c9879b835baf69b539f8c, and it should be noted this is a different ask than that in KUDU-1843. Quoting Adar from a message on gerrit distinguishing the two:

{quote}
{quote}
One of Todd's comments from [KUDU-1843|http://issues.apache.org/jira/browse/KUDU-1843] was:

Caching the original username turns out to be a little tricky, since the WAL doesn't record the original username, and thus when reconstructing the request cache during tablet bootstrap we don't have enough information to do so. I think making the UUIDs unpredictable is probably a better approach.

That's still an issue, no?
{quote}
My mistake; I had followed [KUDU-1918|http://issues.apache.org/jira/browse/KUDU-1918] to [KUDU-1843|http://issues.apache.org/jira/browse/KUDU-1843], and didn't realize that the conversation shifted to talking about _writes_ (which are cached in the request cache). Scans aren't cached, so this isn't an issue here.
{quote}

> Prevent hijacking of scanners by other users
> --------------------------------------------
>
>                 Key: KUDU-1918
>                 URL: https://issues.apache.org/jira/browse/KUDU-1918
>             Project: Kudu
>          Issue Type: Improvement
>          Components: security, tserver
>   Affects Versions: 1.3.0
>            Reporter: Todd Lipcon
>            Assignee: Todd Lipcon
>            Priority: Major
>             Fix For: n/a
>
>
> Currently the UUIDs used for scanner IDs are using boost::uuid, which doesn't
> necessarily use a secure random source. If these turn out to be predictable,
> some attack around scanner hijacking might be possible. We should use an
> unpredictable source for scanner IDs, or save the original authenticated user
> in the Scanner and ensure that the authentication does not switch mid-scan.

--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
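
The two mitigations named in the issue description (scanner IDs from an unpredictable source, and the authenticated user saved on the scanner and checked on every continuation), as an added C++ example that is not Kudu's code or the committed change. `ScannerRegistry`, `Scanner`, `Lookup` and the use of a POSIX `/dev/urandom` are assumptions made for illustration.

```cpp
#include <cstdint>
#include <cstdio>
#include <fstream>
#include <stdexcept>
#include <string>
#include <unordered_map>

// Hypothetical types; not Kudu's scanner manager.
struct Scanner {
  std::string owner;      // authenticated user that opened the scan
  uint64_t batches = 0;   // batches served so far
};

// Server-side result. A client should see the same error for kNotFound and
// kWrongUser so the reply does not confirm that a guessed ID exists.
enum class Lookup { kOk, kNotFound, kWrongUser };

class ScannerRegistry {
 public:
  // Opens a scanner owned by `user`; returns a 128-bit ID as 32 hex chars.
  std::string Open(const std::string& user) {
    std::string id = RandomId();
    scanners_[id].owner = user;
    return id;
  }

  // Serves the next batch only to the user who opened the scanner.
  Lookup Continue(const std::string& id, const std::string& user) {
    auto it = scanners_.find(id);
    if (it == scanners_.end()) return Lookup::kNotFound;
    if (it->second.owner != user) return Lookup::kWrongUser;
    ++it->second.batches;
    return Lookup::kOk;
  }

 private:
  // Draws 16 bytes from the OS random source (assumption: /dev/urandom).
  static std::string RandomId() {
    unsigned char buf[16];
    std::ifstream rng("/dev/urandom", std::ios::binary);
    if (!rng.read(reinterpret_cast<char*>(buf), sizeof(buf)))
      throw std::runtime_error("cannot read /dev/urandom");
    char hex[33];
    for (int i = 0; i < 16; ++i) std::snprintf(hex + 2 * i, 3, "%02x", buf[i]);
    return std::string(hex, 32);
  }

  std::unordered_map<std::string, Scanner> scanners_;
};
```

With the owner check in place, knowing or guessing a scanner ID is not sufficient to continue another user's scan; the unpredictable ID remains useful as a second layer.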