Vladimir Ozerov created IGNITE-2675:
---------------------------------------
Summary: ODBC: Query ID is insecure.
Key: IGNITE-2675
URL:
https://issues.apache.org/jira/browse/IGNITE-2675 Project: Ignite
Issue Type: Sub-task
Components: odbc
Affects Versions: 1.5.0.final
Reporter: Vladimir Ozerov
Assignee: Igor Sapego
Priority: Critical
Fix For: 1.6
Query cursor ID is created using AtomicLong. It means that malicious user could easily read data from any other cursor by simply bruteforcing identifiers.
To fix that query ID must be a composite of current session ID and unique identifier.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
Locked
