jaymode 32af9610dd do not use the cache methods for loading entries into the user cache
The cache provides a get method with a callable to load the value into the cache. Our callable
performs authentication and then returns a value. The issue with this is that the cache will queue
concurrent calls if a value is already being loaded and return the result to all callers. This is
problematic since the key is only the username and we do not validate the credentials as part of
the get call. This means it is possible for valid credentials to be returned a null user and authentication
fails.

Additionally, another variant exists where it is possible for invalid credentials to be returned a valid
user, which allows an attacker to gain access by only knowing a username and issuing a large number
of concurrent requests.

Closes elastic/elasticsearch#860

Original commit: elastic/x-pack-elasticsearch@3d122d3bbb
2015-10-26 09:44:00 -04:00
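
The race described in the commit message above, as a simplified model added here (not the project's code). `UserCache`, `realm_lookup`, the two `authenticate_*` functions and the constructed user store are assumptions, with asyncio tasks standing in for the concurrent Java request threads.

```python
import asyncio, hashlib, hmac

REALM = {"alice": "correct-horse"}  # constructed backing user store
def digest(pw):  # stand-in for the salted password hash a real cache would keep
    return hashlib.sha256(pw.encode()).digest()

async def realm_lookup(user, pw):
    await asyncio.sleep(0.01)  # slow backend check; other requests run meanwhile
    ok = user in REALM and hmac.compare_digest(REALM[user].encode(), pw.encode())
    return (user, digest(pw)) if ok else None

class UserCache:  # hypothetical toy cache keyed by username only
    def __init__(self):
        self.entries, self.loading = {}, {}
    async def get(self, user, loader):
        # Callers that arrive while a load is in flight share that load's result.
        if user not in self.entries:
            if user not in self.loading:
                self.loading[user] = asyncio.ensure_future(loader())
            entry = await self.loading[user]
            self.loading.pop(user, None)
            if entry is not None:
                self.entries[user] = entry
        return self.entries.get(user)

def checked(entry, pw):  # the user, but only if pw matches the entry's hash
    return entry[0] if entry and hmac.compare_digest(entry[1], digest(pw)) else None

async def authenticate_flawed(cache, user, pw):
    if user in cache.entries:  # cache hit: verified against the cached hash
        return checked(cache.entries[user], pw)
    entry = await cache.get(user, lambda: realm_lookup(user, pw))
    return entry[0] if entry else None  # trusts the load as if it were our own

async def authenticate_fixed(cache, user, pw):
    entry = cache.entries.get(user)  # plain lookup, never the loading get()
    if entry is None:
        entry = await realm_lookup(user, pw)  # each caller checks its own credentials
        if entry is not None:
            cache.entries[user] = entry
    return checked(entry, pw)

def race(auth, first_pw, second_pw):  # two overlapping logins on an empty cache
    async def run():
        cache = UserCache()
        return await asyncio.gather(auth(cache, "alice", first_pw),
                                    auth(cache, "alice", second_pw))
    return asyncio.run(run())

if __name__ == "__main__":
    print(race(authenticate_flawed, "correct-horse", "guess"),
          race(authenticate_fixed, "correct-horse", "guess"))
```

With the flawed path both overlapping logins share the first caller's outcome; with the fixed path each login's result depends only on its own password.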

= Elasticsearch X Plugins

A set of Elastic's commercial plugins:

- License
- Shield
- Watcher
- Marvel