hadoop-common-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Tsz Wo (Nicholas), SZE (JIRA)" <j...@apache.org>
Subject [jira] Commented: (HADOOP-2239) Security: Need to be able to encrypt Hadoop socket connections
Date Wed, 19 Mar 2008 01:16:24 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-2239?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12580206#action_12580206
] 

Tsz Wo (Nicholas), SZE commented on HADOOP-2239:
------------------------------------------------

+1 Codes look good.

* The hsftp port is fixed across a cluster.  So this feature will not work for running more
than one datanodes in the same machine.  Moreover, we have to make sure that more than one
datanodes can run in the same machine when this feature is disabled.

* We probably should support the random hsftp ports later.

* We need to add more documentation later.

Other minor comments:
- Remove "import org.mortbay.http.JsseListener" in StatusHttpServer.

- The codes for initializing infoServer in FSNamesystem and DataNode are similar.  Why not
make a static method in StatusHttpServer?

> Security:  Need to be able to encrypt Hadoop socket connections
> ---------------------------------------------------------------
>
>                 Key: HADOOP-2239
>                 URL: https://issues.apache.org/jira/browse/HADOOP-2239
>             Project: Hadoop Core
>          Issue Type: Bug
>          Components: dfs
>            Reporter: Allen Wittenauer
>            Assignee: Chris Douglas
>             Fix For: 0.17.0
>
>         Attachments: 2239-0.patch, 2239-1.patch, 2239-2.patch
>
>
> We need to be able to use hadoop over hostile networks, both internally and externally
to the enterpise.  While authentication prevents unauthorized access, encryption should be
used to prevent such things as packet snooping across the wire.  This means that hadoop client
connections, distcp, etc, would use something such as SSL to protect the TCP/IP packets. 
Post-Kerberos, it would be useful to use something similar to NFS's krb5p option.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message