hadoop-hdfs-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Arpit Agarwal (JIRA)" <j...@apache.org>
Subject [jira] [Created] (HDDS-231) Exclude connections from routable/non-local subnets by default
Date Thu, 05 Jul 2018 20:20:00 GMT
Arpit Agarwal created HDDS-231:

             Summary: Exclude connections from routable/non-local subnets by default
                 Key: HDDS-231
                 URL: https://issues.apache.org/jira/browse/HDDS-231
             Project: Hadoop Distributed Data Store
          Issue Type: Improvement
            Reporter: Arpit Agarwal

Apache Kudu uses the following scheme to reduce the damage from unauthorized connections:
bq. When disabled or strong authentication fails for 'optional', by default Kudu will only
allow unauthenticated connections from trusted subnets, which are private networks (,,,, and local subnets of all local network interfaces. Unauthenticated connections
from publicly routable IPs will be rejected.

See https://kudu.apache.org/docs/security.html.

We should use a similar approach for Ozone/HDDS.

This message was sent by Atlassian JIRA

To unsubscribe, e-mail: hdfs-dev-unsubscribe@hadoop.apache.org
For additional commands, e-mail: hdfs-dev-help@hadoop.apache.org

View raw message