Details
-
Task
-
Status: Resolved
-
Major
-
Resolution: Fixed
-
2.6
Description
Compute and other Public API, which able to run arbitrary code at a remote node, now run it with remote node permissions.
Affected API:
- IgniteEvents,
- CQ,
- Compute,
- Services,
- Entry processor,
- Data Streamer,
- Scan Query,
- Cache load,
- Messaging,
- ...
So, the original security context now ignored at remote executions.
We have to
1) Fix Security Engine to use original Security Context at remote executions
2) Cover every securable public API (only most important list at phase #1) with appropriate tests
- API required special permissions to be executed, should be checked to require them
- Remote executions should be checked to be executed at the original Security Context
Attachments
Issue Links
- is required by
-
IGNITE-11410 Sandbox for user-defined code
- Resolved
- links to