hadoop-hdfs-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Arpit Agarwal (JIRA)" <j...@apache.org>
Subject [jira] [Created] (HDDS-231) Exclude connections from routable/non-local subnets by default
Date Thu, 05 Jul 2018 20:20:00 GMT
Arpit Agarwal created HDDS-231:
----------------------------------

             Summary: Exclude connections from routable/non-local subnets by default
                 Key: HDDS-231
                 URL: https://issues.apache.org/jira/browse/HDDS-231
             Project: Hadoop Distributed Data Store
          Issue Type: Improvement
            Reporter: Arpit Agarwal


Apache Kudu uses the following scheme to reduce the damage from unauthorized connections:
bq. When disabled or strong authentication fails for 'optional', by default Kudu will only
allow unauthenticated connections from trusted subnets, which are private networks (127.0.0.0/8,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16,
169.254.0.0/16) and local subnets of all local network interfaces. Unauthenticated connections
from publicly routable IPs will be rejected.

See https://kudu.apache.org/docs/security.html.

We should use a similar approach for Ozone/HDDS.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: hdfs-dev-unsubscribe@hadoop.apache.org
For additional commands, e-mail: hdfs-dev-help@hadoop.apache.org


Mime
View raw message