accumulo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Aaron Cordova (Commented) (JIRA)" <>
Subject [jira] [Commented] (ACCUMULO-482) Add a thrift proxy server
Date Fri, 23 Mar 2012 15:07:27 GMT


Aaron Cordova commented on ACCUMULO-482:

It was a little hard to understand the problem the way you stated it, but I think I understand.
You mean any part of the keyvalue pair might be sensitive and need to be protected and the
!METADATA table might expose some of those.

So you're saying if a proxy is created you don't want !METADATA entries to be sent to it,
because the way most instances of Accumulo are deployed involves the Accumulo client being
run on a protected machine, i.e. a machine on the security perimeter that the user can't just
examine the memory of. 

But I don't think METADATA entries need to be exposed outside the trusted accumulo client
in order for a proxy to work ... one could simply ferry scan parameters and the resulting
keyvalue pairs to and from the client (for queries).

The proxy could also be configured to simply disallow reading directly from the !METADATA
table. Would that still leave the possibility of sensitive elements of KeyValue pairs being
> Add a thrift proxy server
> -------------------------
>                 Key: ACCUMULO-482
>                 URL:
>             Project: Accumulo
>          Issue Type: New Feature
>            Reporter: Sapan Shah
>            Assignee: Sapan Shah
> Add a thrift proxy server to make integration with other languages besides Java a bit
easier.  This should work like

This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:!default.jspa
For more information on JIRA, see:


View raw message