TB058 Masked Provisioning with Advanced Connector Could Result in Data Masking Errors
This article applies to the following versions of the Delphix Engine:
|
Major Release |
All Sub Releases |
|
5.2 |
5.2.2.0, 5.2.2.1, 5.2.3.0, 5.2.3.1 |
|
5.1 |
5.1.0.0, 5.1.1.0, 5.1.2.0, 5.1.3.0, 5.1.4.0, 5.1.5.0, 5.1.5.1, 5.1.6.0, 5.1.7.0, 5.1.8.0, 5.1.8.1, 5.1.9.0, 5.1.10.0 |
|
5.0 |
5.0.1.0, 5.0.1.1, 5.0.2.0, 5.0.2.1, 5.0.2.2, 5.0.2.3, 5.0.3.0, 5.0.3.1, 5.0.4.0, 5.0.4.1 ,5.0.5.0, 5.0.5.1, 5.0.5.2, 5.0.5.3, 5.0.5.4 |
Alert Type
Security
Severity Level: High
CVSS Score: 6.3 based on
Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): Required
Scope (S): Unchanged
Confidentiality (C): High
Integrity (I): Low
Availability (A): None
Description
This issue affects customers using Selective Data Distribution (SDD) when the Masking function was configured to use an Advanced Connector.
The problem is encountered on combined engines when an Advanced Masking Connector is used. The created connector points to the original target (likely a sample VDB used to configure and test the masked provisioning process) rather than to the provisioned/refreshed VDB.
Impact
This issue has two negative side effects:
-
If the Masking job succeeds, the VDB is incorrectly considered masked. If SDD (Selective Data Distribution) has been configured, the VDB would then be replicated to the SDD target engine.
-
When the misconfigured Masking job runs, a different database will be masked unintentionally (assuming this database is online, the credentials are correct, etc.). As mentioned above, this is a sample VDB used to configure and test the masked provisioning process if the standard best practices have been followed.
Relief/Workaround
Use custom hook scripts to correctly create the connector and invoke the masking job.
Resolution
This issue is fully resolved in Delphix Engine release 5.2.4.0 and later.
Additional Information
None