hadoop-common-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Steve Loughran <ste...@apache.org>
Subject Re: Hadoop and security.
Date Mon, 06 Oct 2008 13:39:18 GMT
Edward Capriolo wrote:
> You bring up some valid points. This would be a great topic for a
> white paper. 

-a wiki page would be a start too

The first line of defense should be to apply inbound and
> outbound iptables rules. Only source IPs that have a direct need to
> interact with the cluster should be allowed to. The same is true with
> the   web access. Only a range of source IP's should be allowed to
> access the web interfaces. You can do this through SSH tunneling.
> Preventing exec commands can be handled with the security manager and
> the sandbox. I was thinking to only allow the execution of signed jars
> myself but I never implemented it.

Steve Loughran                  http://www.1060.org/blogxter/publish/5
Author: Ant in Action           http://antbook.org/

View raw message