[
https://issues.apache.org/jira/browse/IGNITE-9560?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Ilya Kasnacheev updated IGNITE-9560:
------------------------------------
Security: (was: Private)
> Security Engine fixes and test coverage. Phase #1.
> --------------------------------------------------
>
> Key: IGNITE-9560
> URL: https://issues.apache.org/jira/browse/IGNITE-9560
> Project: Ignite
> Issue Type: Task
> Components: security
> Affects Versions: 2.6
> Reporter: Anton Vinogradov
> Assignee: Anton Vinogradov
> Priority: Major
> Fix For: 2.8
>
>
> Compute and other Public API, which able to run arbitrary code at a remote
> node, now run it with remote node permissions.
> Affected API:
> - IgniteEvents,
> - CQ,
> - Compute,
> - Services,
> - Entry processor,
> - Data Streamer,
> - Scan Query,
> - Cache load,
> - Messaging,
> - ...
> So, the original security context now ignored at remote executions.
> We have to
> 1) Fix Security Engine to use original Security Context at remote executions
> 2) Cover every securable public API (only most important list at phase #1)
> with appropriate tests
> - API required special permissions to be executed, should be checked to
> require them
> - Remote executions should be checked to be executed at the original Security
> Context
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
