hbase-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ted Yu <yuzhih...@gmail.com>
Subject Re: Regarding HBase client read zookeeper data in Secure HBase cluster
Date Tue, 22 May 2012 16:27:57 GMT
I think what you describe below is legitimate concern.
Can you log a JIRA for this ?


On Tue, May 22, 2012 at 5:11 AM, Anoop Sam John <anoopsj@huawei.com> wrote:

> Hi Devs
>            In case of secure cluster, we allow the HBase clients to read
> the zk nodes by providing the global read permissions to all for certain
> nodes. These nodes are the master address znode, root server znode and the
> clusterId znode. In ZKUtil.createACL() , we can see these node names are
> specially handled.
> But there are some other client side admin APIs which makes a read call
> into the zookeeper from the client. This include the isTableEnaled() call
> (May be some other. I have seen this).  Here the client directly reads a
> node in the zookeeper ( node created for this table ) and the data is
> matched to know whether this is enabled or not.
> Now in secure cluster case any client can read zookeeper nodes which it
> needs for its normal operation like the master address and root server
> address.  But what if the client calls this API? [isTableEnaled () ]. I
> think this will be an issue.
> -Anoop-

  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message