hbase-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Andrew Purtell (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HBASE-6222) Add per-KeyValue Security
Date Mon, 25 Feb 2013 18:28:16 GMT

    [ https://issues.apache.org/jira/browse/HBASE-6222?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13586093#comment-13586093
] 

Andrew Purtell commented on HBASE-6222:
---------------------------------------

bq. In AccessController.requireCoveringPermission the close should be in finally block?

Ok.

bq. May be we can move this before the 'if' condition just before this.

Ok.

bq. @Test tag misses for testCellPermissions(). Was it intentional?

No. Checked the test logs and it still runs, but will add this of course.

bq. The memstore flushes if more than 1 CF exists, will it have an impact on this new CF introduced?

The ACL CF is only hidden from the client. 

bq. Once in the AccessController hooks we have ensured that the permission is available by
checking the new CF acl, when the actual scan goes we can avoid this Cell right?

We could modify the Scan object in a preScannerOpen hook to exclude the ACL CF. The values
from that family are not used in the filter. (I seem to remember exploring that idea is why
no such exclusion presently.)

Thanks for the review!
                
> Add per-KeyValue Security
> -------------------------
>
>                 Key: HBASE-6222
>                 URL: https://issues.apache.org/jira/browse/HBASE-6222
>             Project: HBase
>          Issue Type: New Feature
>          Components: security
>    Affects Versions: 0.96.0, 0.98.0
>            Reporter: stack
>            Assignee: Andrew Purtell
>         Attachments: 6222-aclcf.patch, 6222.pdf, cell-acls-kv-tags-not-for-review.zip,
HBaseCellRow-LevelSecurityDesignDoc.docx, HBaseCellRow-LevelSecurityPRD.docx
>
>
> Saw an interesting article: http://www.fiercegovernmentit.com/story/sasc-accumulo-language-pro-open-source-say-proponents/2012-06-14
> "The  Senate Armed Services Committee version of the fiscal 2013 national defense authorization
act (S. 3254) would require DoD agencies to foreswear the Accumulo NoSQL database after Sept.
30, 2013, unless the DoD CIO certifies that there exists either no viable commercial open
source database with security features comparable to [Accumulo] (such as the HBase or Cassandra
databases)..."
> Not sure what a 'commercial open source database' is, and I'm not sure whats going on
in the article, but tra-la-la'ing, if we had per-KeyValue 'security' like Accumulo's, we might
put ourselves in the running for federal contributions?

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message