hbase-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Andrew Purtell <apurt...@yahoo.com>
Subject Re: HBase wire compatibility
Date Mon, 13 Feb 2012 23:23:14 GMT
Security considerations are mostly orthogonal to message encoding.

In the SecureRpcEngine there is a SASL negotiation at connection setup, and then HBase protocol
data is transformed using the established context. That is the null transformation unless
message integrity or confidentiality options are negotiated/required. The JRE's SASL support
handles that. SASL is well defined and interoperable between versions. Otherwise we delegate
to the HBase RPC code. 

For ZooKeeper security, there is a new ZK protocol message type for the SASL authenticator.
Unlike with HBase, the application protocol is not wrapped with a secure socket layer. So
the authentication handshake is as cross version compatible as the rest of the ZK protocol,
and the handshake basically tunnels SASL protocol messages, which are compatible cross version
with respect to themselves. It was done this way due to how ZK architected pluggable authentication
methods. 

Best regards,

    - Andy


On Feb 14, 2012, at 5:02 AM, Jimmy Xiang <jxiang@cloudera.com> wrote:

> I posted the proposal on wiki:
> 
> http://wiki.apache.org/hadoop/Hbase/HBaseWireCompatibility
> 
> Thanks,
> Jimmy
> 
> On Mon, Feb 13, 2012 at 11:03 AM, Ted Yu <yuzhihong@gmail.com> wrote:
> 
>> Can you post on wiki ?
>> 
>> Attachment stripped.
>> 
>> On Mon, Feb 13, 2012 at 11:01 AM, Jimmy Xiang <jxiang@cloudera.com> wrote:
>> 
>>> Hello,
>>> 
>>> As HBase installation base is getting bigger, we are ready to work on the
>>> wire compatibility issue.
>>> The goal is to make HBase easier for operators to upgrade, while it is
>>> also easier for developers to
>>> enhance, re-architect if necessary.
>>> 
>>> The attached is a proposal we came up.  We'd like to start with two
>> phases:
>>> 
>>> Phase 1: Compatibility between client applications and HBase clusters
>>> Phase 2: HBase cluster rolling upgrade within same major version
>>> 
>>> Could you please review?
>>> 
>>> Thanks,
>>> Jimmy
>>> 
>> 

Mime
View raw message