etcdserver, auth: turn Quorum on in requests of auth checking #3994

Closed

mitake (Contributor) commented Dec 15, 2015

The auth information shouldn't be stale. Turning on the Quorum flag
for the request would be required for consistent auth.

xiang90 (Contributor) commented Dec 17, 2015

This is going to make auth even more expensive. I guess it is fine to just use get. If one peer is not synced, you will not get any sensitive data anyway. The user should first enable auth, then put data. This order of actions will be the same with or without quorum get.

mitake (Contributor, Author) commented Dec 17, 2015

However, roles can be granted to existing paths. In such a case, sensitive data can be read based on stale auth state, I think.

xiang90 (Contributor) commented Dec 17, 2015

@mitake In that case, yes, there is an issue. But I think the user should always deny all paths, then enable some paths, not vice versa.

mitake (Contributor, Author) commented Dec 17, 2015

@xiang90 the scheme will require unconditionally disabling permission under / when a user enables auth. It seems to be a very big change which breaks compatibility.

I'll do a benchmark and share the result to show the overhead introduced by this PR (I'm not sure whether the overhead is huge or not).

xiang90 (Contributor) commented Dec 17, 2015

@mitake

> the scheme will require unconditional disabling permission under / when a user enables auth. It seems to be very big change which breaks compatibility.

That is basically what users really should do if they want security.

mitake (Contributor, Author) commented Feb 6, 2016

The problem will be fixed in the v3 protocol.

@mitake mitake closed this Feb 6, 2016
@mitake mitake deleted the auth-quorum branch March 7, 2017 09:15
@mitake mitake restored the auth-quorum branch March 7, 2017 09:16
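
The stale-read concern discussed in this thread, as an added example that is not part of the PR or of etcd's code: a simplified Go model in which a member answers a permission check from its own copy of the auth data before it has applied the latest change, compared with a check that first applies every committed entry. The types, function names, the `guest` role and the keys are constructed for illustration.

```go
package main

import (
	"fmt"
	"strings"
)

// Simplified model, not etcd's code: an entry replaces the prefixes a role may read.
type entry struct {
	role     string
	prefixes []string
}
type member struct { // one node; applied counts the log entries applied so far
	applied int
	perms   map[string][]string
}

func (m *member) catchUp(log []entry, upto int) {
	for ; m.applied < upto; m.applied++ {
		m.perms[log[m.applied].role] = log[m.applied].prefixes
	}
}

// localCheck answers from the member's own, possibly stale, copy of the auth data.
func localCheck(m *member, role, key string) bool {
	for _, p := range m.perms[role] {
		if strings.HasPrefix(key, p) {
			return true
		}
	}
	return false
}

// quorumCheck models a consensus-ordered read: all committed entries are applied first.
func quorumCheck(m *member, log []entry, role, key string) bool {
	m.catchUp(log, len(log))
	return localCheck(m, role, key)
}

// scenario (constructed data): the follower has applied only the permissive entry 0.
func scenario() (stale, quorum bool) {
	log := []entry{{"guest", []string{"/"}}, {"guest", []string{"/public/"}}}
	f := &member{perms: map[string][]string{}}
	f.catchUp(log, 1)
	stale = localCheck(f, "guest", "/secret/key")
	return stale, quorumCheck(f, log, "guest", "/secret/key")
}

func main() { fmt.Println(scenario()) } // prints: true false
```

The two results differ only because the follower was behind; once it has applied entry 1, the local check denies the request as well.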