Uploaded image for project: 'Infinispan'
  1. Infinispan
  2. ISPN-6457

Servers should disallow access to internal user caches over the wire when authorization is disabled

    XMLWordPrintable

Details

    Description

      The server protocols currently allow access to internal user caches (such as the script and schema caches) if authorization is disabled. We should instead not allow access.

      Attachments

        Issue Links

          blocks

          Enhancement - An enhancement or refactoring of existing functionality JDG-285 Protect internal caches from remote access when security is disabled

          • Blocker - To be worked above all other priorities. This term is chosen when the severity of the issue is very high, has no workaround, or the effort for the change is comparatively low. Issues that may be very publicly visible and could generate significant media attention may also drive a higher priority.
          • Verified
          causes

          Sub-task - The sub-task of the issue ISPN-7814 Remove auth check in CacheDecodeContext

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Closed

          Bug - A problem which impairs or prevents the functions of the product. KEYCLOAK-6783 Cross-dc setup with JDG server on real network doesn't work

          • Critical - To be worked on immediately following BLOCKER issues.
          • Closed
          relates to

          Task - A task that needs to be done. ISPN-6454 Schema cache should require a special role when authorization is enabled

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Closed

          Activity

            Public project attachment banner

              context keys: [headless, issue, helper, isAsynchronousRequest, project, action, user]
              current Project key: ISPN

              People

                ttarrant@redhat.com Tristan Tarrant
                ttarrant@redhat.com Tristan Tarrant
                Votes:
                0 Vote for this issue
                Watchers:
                3 Start watching this issue

                Dates

                  Created:
                  Updated:
                  Resolved: