hbase-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Andrew Purtell <apurt...@apache.org>
Subject Re: regarding secure read accesses in 0.98
Date Wed, 24 Sep 2014 05:36:04 GMT
We've already done what you suggest for 1.0 Srikanth. We didn't do it
for 0.98 because the new behavior for V3 was already present in
earlier minor releases.

On Tue, Sep 23, 2014 at 4:39 PM, Srikanth Srungarapu
<srikanth235@gmail.com> wrote:
> Hi Folks,
> I noticed that withing 0.98 branch, the behavior of read accesses depends
> on hfile versions. If the user decides to use HFile V3 instead of HFile V2,
> then the read actions in case of access denied case start returning 0 rows
> instead of throwing AccessDenied exception. Ted mentioned yesterday that
> some work has been done in this direction [1], where a flag
> "hbase.security.access.early_
> out" was provided to the user for restoring the previous behavior. But,
> this flag does make sense only in the context of user switching to HFile
> V3.  Is it a better idea to get rid of this dependency on file versions and
> present users with a single knob for switching behavior? Or can we do
> something about making this more consistent, may be not immediately, but
> for 1.0?
> Thanks,
> Srikanth.
> References:
> [1] https://issues.apache.org/jira/browse/HBASE-11070

Best regards,

   - Andy

Problems worthy of attack prove their worth by hitting back. - Piet
Hein (via Tom White)

View raw message