database/doris
2
0
Fork 0
Code Issues Pull Requests Actions 3 Packages Projects Releases Wiki Activity
1,763 Commits 1 Branch 0 Tags
25e475898e8a8a183badf52c11c415e881987323
Commit Graph

10 Commits

Author SHA1 Message Date
Mingyu Chen
a46bf1ada3 [Authorization] Modify the authorization checking logic (#2372) 
**Authorization checking logic**

There are some problems with the current password and permission checking logic. For example:
First, we create a user by:
`create user cmy@"%" identified by "12345";`

And then 'cmy' can login with password '12345' from any hosts.

Second, we create another user by:
`create user cmy@"192.168.%" identified by "abcde";`

Because "192.168.%" has a higher priority in the permission table than "%". So when "cmy" try
to login in by password "12345" from host "192.168.1.1", it should match the second permission
entry, and will be rejected because of invalid password.
But in current implementation, Doris will continue to check password on first entry, than let it pass. So we should change it.

**Permission checking logic**

After a user login, it should has a unique identity which is got from permission table. For example,
when "cmy" from host "192.168.1.1" login, it's identity should be `cmy@"192.168.%"`. And Doris
should use this identity to check other permission, not by using the user's real identity, which is
`cmy@"192.168.1.1"`.

**Black list**
Functionally speaking, Doris only support adding WHITE LIST, which is to allow user to login from
those hosts in the white list. But is some cases, we do need a BLACK LIST function.
Fortunately, by changing the logic described above, we can simulate the effect of the BLACK LIST.

For example, First we add a user by:
`create user cmy@'%' identified by '12345';`

And now user 'cmy' can login from any hosts. and if we don't want 'cmy' to login from host A, we
can add a new user by:
`create user cmy@'A' identified by 'other_passwd';`

Because "A" has a higher priority in the permission table than "%". If 'cmy' try to login from A using password '12345', it will be rejected.
 2019-12-06 17:45:56 +08:00
ZHAO Chun
9d03ba236b Uniform Status (#1317) 2019-06-14 23:38:31 +08:00
Mingyu Chen
0820a29b8d Implement the routine load process of Kafka on Backend (#671) 2019-04-28 10:33:50 +08:00
chenhao7253886
37b4cafe87 Change variable and namespace name in BE (#268) 
Change 'palo' to 'doris'
 2018-11-02 10:22:32 +08:00
morningman
2868793b6b Change license to Apache License 2.0 (#262) 2018-11-01 09:06:01 +08:00
morningman
051aced48d Missing many files in last commit 
In last commit, a lot of files has been missed
 2018-10-31 16:19:21 +08:00
morningman
cc74efb3c5 merge to ddb65b69f9c788e359e191889cb31f15279c41ec (#224) 
1. Apache HDFS broker support HDFS HA and Hadoop kerberos authentication.
2. New Backup and Restore function. Use Fs Broker to backup your data to HDFS or restore them from HDFS.
3. Table-Level Privileges. Grant fine-grained privileges on table-level to specified user.
4. A lot of bugs fixed.
5. Performance improvement.
 2018-08-24 17:12:26 +08:00
morningman
2419384e8a push 3.3.19 to github (#193) 
* push 3.3.19 to github

* merge to 20ed420122a8283200aa37b0a6179b6a571d2837
 2018-05-15 20:38:22 +08:00
李超勇
5296746b4a Fix #6 SHOW FULL TABLES WHERE Table_type != VIEW sql can not execute (#11) 
* change picture to word

* change picture to word

* SHOW FULL TABLES WHERE Table_type != VIEW sql can not execute
 2017-08-15 19:01:08 +08:00
cyongli
e2311f656e baidu palo 2017-08-11 17:51:21 +08:00