Any user can cancel queries
Bug #1414231 reported by
Roberta Marton
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| Trafodion |
Fix Released
|
High
|
Mike Hanlon | ||
Bug Description
Support for cancelling queries has been added for release 1.0. However, with the current support, there is no privilege checking so anyone can cancel queries, even those that are not owned by the current user. This is a security gap.
| Changed in trafodion: | |
| assignee: | nobody → Cliff Gray (cliff-gray) |
| importance: | Undecided → High |
| milestone: | none → r1.1 |
| tags: | added: sql-security |
| Changed in trafodion: | |
| status: | New → In Progress |
Revision history for this message
| Cliff Gray (cliff-gray) wrote | #1 |
| Changed in trafodion: | |
| assignee: | Cliff Gray (cliff-gray) → Mike Hanlon (mike-hanlon) |
Revision history for this message
| Trafodion-Gerrit (neo-devtools) wrote Fix proposed to core (master) | #2 |
Revision history for this message
| Trafodion-Gerrit (neo-devtools) wrote Fix merged to core (master) | #3 |
| Changed in trafodion: | |
| status: | In Progress → Fix Committed |
Revision history for this message
| Paul Low (paul-low-x) wrote | #4 |
| Changed in trafodion: | |
| status: | Fix Committed → Fix Released |
To post a comment you must log in.
Assigning to Mike Hanlon to complete. Check for authority was added in change 1183, but left for Mike to integrate and test.