Open zhangjinpeng87 opened 8 months ago
Please answer these questions before submitting your issue. Thanks!
Using API like "curl http://{TiDBIP}:10080/db-table/{tableID}" "curl http://{TiDBIP}:10080/mvcc/key/{db}/{table}/{handle}" can walk around the access control system of TiDB and grab table's data.
Grab table information by API need an authentication process to prevent malicious API calling.
All versions.
How about assigning mTLS certificate in the config?
Bug Report
Please answer these questions before submitting your issue. Thanks!
1. Minimal reproduce step (Required)
Using API like "curl http://{TiDBIP}:10080/db-table/{tableID}" "curl http://{TiDBIP}:10080/mvcc/key/{db}/{table}/{handle}" can walk around the access control system of TiDB and grab table's data.
2. What did you expect to see? (Required)
Grab table information by API need an authentication process to prevent malicious API calling.
3. What did you see instead (Required)
Using API like "curl http://{TiDBIP}:10080/db-table/{tableID}" "curl http://{TiDBIP}:10080/mvcc/key/{db}/{table}/{handle}" can walk around the access control system of TiDB and grab table's data.
4. What is your TiDB version? (Required)
All versions.