Any user can cancel queries
Bug #1414231 reported by
Roberta Marton
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Trafodion |
Fix Released
|
High
|
Mike Hanlon |
Bug Description
Support for cancelling queries has been added for release 1.0. However, with the current support, there is no privilege checking so anyone can cancel queries, even those that are not owned by the current user. This is a security gap.
Changed in trafodion: | |
assignee: | nobody → Cliff Gray (cliff-gray) |
importance: | Undecided → High |
milestone: | none → r1.1 |
tags: | added: sql-security |
Changed in trafodion: | |
status: | New → In Progress |
To post a comment you must log in.
Assigning to Mike Hanlon to complete. Check for authority was added in change 1183, but left for Mike to integrate and test.