hbase-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Laxman (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HBASE-6222) Add per-KeyValue Security
Date Mon, 18 Jun 2012 11:24:43 GMT

    [ https://issues.apache.org/jira/browse/HBASE-6222?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13395815#comment-13395815
] 

Laxman commented on HBASE-6222:
-------------------------------

bq. The basic premise here is to be on-par security wise with Accumulo. That is the use-case.

IMHO, that's one implementation but not use-case. Definitely, Accumulo would have some straight
use-case. Do we that use-case? Based on use-case, we can brainstorm on different approaches
(KV level, Views, something else may be).

bq. where do you see this could affect the performance?

I have following concern w.r.to *scalability*.

* With current implementation, ACLs are cached. With cell level, it may grow heavily.
* Please take a look @AccessController.permissionGranted method. We need to call this method(+some
more checks for KV based) for every KV. This may become a hotspot when we introduce KV based
access control.

We are currently evaluating performance with security enabled. Soon, I will share our report.

bq. Think of blocking access to some columns differently across many rows.
I agree. Can you please explain how do we solve this with a traditional RDBMS like Oracle.


*Note:* I definitely don't want to bring up the well known discussion "SQL vs NOSQL" here
and I'm only trying to understand the use-case as a HBase user/developer. Only point I want
to put forward is we should have proper understanding of use-case and user before we start
on a approach/solution.
                
> Add per-KeyValue Security
> -------------------------
>
>                 Key: HBASE-6222
>                 URL: https://issues.apache.org/jira/browse/HBASE-6222
>             Project: HBase
>          Issue Type: New Feature
>          Components: security
>            Reporter: stack
>
> Saw an interesting article: http://www.fiercegovernmentit.com/story/sasc-accumulo-language-pro-open-source-say-proponents/2012-06-14
> "The  Senate Armed Services Committee version of the fiscal 2013 national defense authorization
act (S. 3254) would require DoD agencies to foreswear the Accumulo NoSQL database after Sept.
30, 2013, unless the DoD CIO certifies that there exists either no viable commercial open
source database with security features comparable to [Accumulo] (such as the HBase or Cassandra
databases)..."
> Not sure what a 'commercial open source database' is, and I'm not sure whats going on
in the article, but tra-la-la'ing, if we had per-KeyValue 'security' like Accumulo's, we might
put ourselves in the running for federal contributions?

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

Mime
View raw message