View Issue Details

IDProjectCategoryView StatusLast Update
0003519SymmetricDSImprovementpublic2019-04-26 14:19
Reporterrohin.mstillheere Assigned To 
Priorityurgent 
Status newResolutionopen 
Product Version3.8.28 
Summary0003519: For security, only load data that is configured to load, rejecting other attempts
DescriptionI have tried multiple configurations so that my master node would only push data and should not accept data when any push requests comes from any of the synchronized client nodes.

None of my configurations are taking any affect and whenever i send HTTPS push request from secondary -> master, it modifies the database at master node.

I believe that modifying the properties does stop the synchronization from secondary -> master database but does not reject the push requests that are received at master node. Master always accepts such requests. Is it supported to dishonor such requests at Master saying it is not configured to accept push APIs form any client and it only sends data?

This is more of one way replication from master to secondary and stopping the reverse at master, even if secondary attempts to do so.
Tagssecurity

Activities

elong

2018-04-16 13:07

developer   ~0001162

Remove the sym_node_group_link for secondary -> master

rohin.mstillheere

2018-04-16 15:02

reporter   ~0001163

Thanks for the quick response! Please specify which configuration file or database entry is to be modified (as explained in the comment)

I wanted to be able to perform the below
Configuration change at Symmetric DS installed on master which can reject any kind of REST call with push from symmteric DS installed on the client node.

Regards,
Rohin

elong

2019-04-26 14:18

developer   ~0001445

Workaround is to configure a sym_load_filter that returns false and rejects any changes that try to push to master. Let's use this issue to tighten security and honor the configuration when loading data.

Issue History

Date Modified Username Field Change
2018-04-15 20:40 rohin.mstillheere New Issue
2018-04-16 13:07 elong Note Added: 0001162
2018-04-16 15:02 rohin.mstillheere Note Added: 0001163
2019-04-24 17:47 elong Tag Attached: security
2019-04-26 14:18 elong Note Added: 0001445
2019-04-26 14:19 elong Summary Enabling one way replication from master to secondary. Rejection of push requests from secondary to master => For security, only load data that is configured to load, rejecting other attempts