[jira] [Commented] (NIFI-3032) NiFiPropertiesLoader can cache stale key after migration

Mon, 14 Nov 2016 13:37:15 -0800 

    [ 
https://issues.apache.org/jira/browse/NIFI-3032?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15665107#comment-15665107
 ] 

ASF GitHub Bot commented on NIFI-3032:
--------------------------------------

Github user alopresto commented on a diff in the pull request:

    https://github.com/apache/nifi/pull/1220#discussion_r87897741
  
    --- Diff: 
nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-properties-loader/src/main/java/org/apache/nifi/properties/NiFiPropertiesLoader.java
 ---
    @@ -158,9 +158,7 @@ private static String getDefaultProviderKey() {
         }
     
         private void initializeSensitivePropertyProviderFactory() {
    -        if (sensitivePropertyProviderFactory == null) {
    -            sensitivePropertyProviderFactory = new 
AESSensitivePropertyProviderFactory(keyHex);
    -        }
    +        sensitivePropertyProviderFactory = new 
AESSensitivePropertyProviderFactory(keyHex);
    --- End diff --
    
    It will if two competing resources are attempting to access it, but this 
scenario should not occur (there should not be two resources with different 
keys trying to load the data in the real application, as there is only one 
master key). The reason it was failing in your original test was due to 
sequential access not being cleared after migration. If we are concerned about 
race conditions, this should not be `static` at all and more of the 
organization needs to change. 


> NiFiPropertiesLoader can cache stale key after migration
> --------------------------------------------------------
>
>                 Key: NIFI-3032
>                 URL: https://issues.apache.org/jira/browse/NIFI-3032
>             Project: Apache NiFi
>          Issue Type: Bug
>          Components: Core Framework
>    Affects Versions: 1.0.0
>            Reporter: Andy LoPresto
>            Assignee: Andy LoPresto
>            Priority: Blocker
>              Labels: encryption, security
>             Fix For: 1.1.0
>
>
> [~bryanrosan...@gmail.com] discovered an issue where the 
> {{NiFiPropertiesLoader}} can be initialized with a static 
> {{SensitivePropertyProviderFactory}} containing a specific {{key}}, and then 
> when {{NiFiPropertiesLoader.withKey()}} is called with a different key, the 
> factory is not refreshed. 



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to