Details
-
Bug
-
Resolution: Fixed
-
Critical
-
None
-
None
-
None
-
Security Level: Public
-
None
Description
There are three ways using which we are creating connection in the java client to the server.
1) ClusterManager
2) BucketTool
Both of these classes internally call the ClusterManager.createBucket for creation of the bucket.
Now if I am using all the three instances of the above classes in a single function, the bucket information is overridden without any checks. Ideally using any of the connection classes if I have created a SASL bucket with some information like bucket name = 'SaslBucket', bucket password = 'password', I should not be allowed to change the password using instance of another class. There should be auth failure error being returned the second time client tries to connect to the same bucket. Server supports this because there is an Edit Bucket functionality at the server for the same.
There should be a means of distinction in the request that we want to create the bucket or update.
In case of bucket creation duplicity should be checked where as in case of update this should be allowed as is.
Also, the expectation is that, the user might update the bucket information if he requires to change the password or other details, by explicitly calling updateBucket method which is currently not available.