hbase-issues mailing list archives

From "Andrew Purtell (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HBASE-10322) Strip tags from KV while sending back to client on reads
Date Mon, 20 Jan 2014 18:51:25 GMT

    [ https://issues.apache.org/jira/browse/HBASE-10322?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13876697#comment-13876697 ]

Andrew Purtell commented on HBASE-10322:
----------------------------------------

[~lhofhansl], [~stack], [~anoop.hbase], [~ram_krish]: Quick recap as I see it. Security tags
can be more sensitive than the cell itself. Users will share the cells among each other. However,
we don't want that sharing to also leak access rules for the cell. That would be at best a
violation of "need to know". Also, 0.96 clients can't handle serializations that include tags.
The easiest answer is: RPC does not handle cell tags. We can thus avoid: negotiation, per-cell
access checks, per-cell rewrites (copies). However, that fails to address replication, which
uses the RPC code but must be able to replicate tags from a 0.98 source to another 0.98 sink.
For replication, we need to hand RPC a codec that is tag aware. Because 0.98 may be talking
to 0.96, we can't do that by default, we need a configuration setting for replication that
tells it what RPC codec to select when talking to the peer. 

> Strip tags from KV while sending back to client on reads
> --------------------------------------------------------
>
>                 Key: HBASE-10322
>                 URL: https://issues.apache.org/jira/browse/HBASE-10322
>             Project: HBase
>          Issue Type: Bug
>    Affects Versions: 0.98.0
>            Reporter: Anoop Sam John
>            Assignee: Anoop Sam John
>            Priority: Blocker
>             Fix For: 0.98.0, 0.99.0
>
>         Attachments: HBASE-10322.patch, HBASE-10322_V2.patch, HBASE-10322_codec.patch
>
>
> Right now we have some inconsistency wrt sending back tags on read. We do this in scan
> when using Java client (Codec based cell block encoding). But during a Get operation or when
> a pure PB based Scan comes we are not sending back the tags. So any of the below fix we have
> to do
> 1. Send back tags in missing cases also. But sending back visibility expression/cell
> ACL is not correct.
> 2. Don't send back tags in any case. This will be a problem when a tool like ExportTool
> uses the scan to export the table data. We will miss exporting the cell visibility/ACL.
> 3. Send back tags based on some condition. It has to be per scan basis. Simplest way
> is pass some kind of attribute in Scan which says whether to send back tags or not. But believing
> something what scan specifies might not be correct IMO. Then comes the way of checking the
> user who is doing the scan. When a HBase super user doing the scan then only send back tags.
> So when a case comes like Export Tool's the execution should happen from a super user.
> So IMO we should go with #3.
> Patch coming soon.



--
This message was sent by Atlassian JIRA
(v6.1.5#6160)
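
The design in the comment above, sketched as an added example (not code from the HBase project or from this thread): client RPC always uses a codec that drops tags, and only the replication path consults a setting to pick a tag-aware codec. The wire layout, class names and the `replication.rpc.codec` key are simplified assumptions made for this model, not HBase's actual format or configuration.

```python
import struct
from dataclasses import dataclass

@dataclass(frozen=True)
class Cell:
    key: bytes
    value: bytes
    tags: bytes = b""  # e.g. a serialized ACL or visibility expression

class PlainCodec:
    """Client-facing codec (model): never writes tags, so no negotiation,
    per-cell access check or per-cell rewrite is needed."""
    def encode(self, cell):
        return struct.pack(">II", len(cell.key), len(cell.value)) + cell.key + cell.value

    def decode(self, buf):
        klen, vlen = struct.unpack_from(">II", buf)
        if len(buf) != 8 + klen + vlen:
            # Models an older peer that cannot parse a tagged serialization.
            raise ValueError("unexpected trailing bytes (tags?)")
        return Cell(buf[8:8 + klen], buf[8 + klen:])

class TagAwareCodec(PlainCodec):
    """Replication codec (model): appends a 2-byte tag length and the tags."""
    def encode(self, cell):
        return super().encode(cell) + struct.pack(">H", len(cell.tags)) + cell.tags

    def decode(self, buf):
        klen, vlen = struct.unpack_from(">II", buf)
        end = 8 + klen + vlen
        (tlen,) = struct.unpack_from(">H", buf, end)
        if len(buf) != end + 2 + tlen:
            raise ValueError("truncated or oversized tag block")
        return Cell(buf[8:8 + klen], buf[8 + klen:end], buf[end + 2:])

CODECS = {"plain": PlainCodec, "with-tags": TagAwareCodec}

def codec_for(conf, replication=False):
    # Only replication reads the (hypothetical) setting; client RPC stays plain
    # even if the setting is present, so tags cannot leak to readers.
    name = conf.get("replication.rpc.codec", "plain") if replication else "plain"
    return CODECS[name]()

if __name__ == "__main__":
    conf = {"replication.rpc.codec": "with-tags"}       # constructed sample config
    cell = Cell(b"row1/cf:q", b"v", b"acl:alice=R")     # constructed sample cell
    print(codec_for(conf).encode(cell))                    # no tag bytes on the wire
    print(codec_for(conf, replication=True).encode(cell))  # tags preserved for the sink
```

Leaving the setting unset keeps replication on the plain codec, which is the safe default when the peer may be an older version that cannot parse tags.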
