hadoop-common-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Allen Wittenauer ...@yahoo-inc.com>
Subject Re: Hadoop and security.
Date Sun, 05 Oct 2008 23:39:18 GMT
On 10/4/08 11:54 PM, "Dmitry Pushkarev" <umka@stanford.edu> wrote:
> Here is the question: how secure hadoop is?  (or let's say foolproof)

    I'd hope it was fairly well known that Hadoop is not secure.  At all.

> What we're seeing here is open hadoop cluster, where anyone who capable of
> installing hadoop and changing his username to webcrawl can use their
> cluster and read their data, even though firewall is perfectly installed and
> ports like ssh are filtered to outsiders.

    The firewall is likely blocking everything <1024, but making the (bad)
assumption that anything in the ephemeral range is 'safe'.  A common
misconfiguration.

  In any case, the hadoop ports should be blocked to the outside world.

> Can we propose to developers to introduce some basic user-management and
> access controls to help hadoop make one step further towards
> production-quality system?

    https://issues.apache.org/jira/browse/HADOOP-1701 ,
https://issues.apache.org/jira/browse/HADOOP-1741 ,
    https://issues.apache.org/jira/browse/HADOOP-3854 ,
https://issues.apache.org/jira/browse/HADOOP-4343 , ...

    amongst others.

> And, by the way add robots.txt to default distribution.

    https://issues.apache.org/jira/browse/HADOOP-3397


Mime
View raw message