hbase-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Andrew Purtell (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HBASE-11127) Move security features into core
Date Wed, 04 Jun 2014 17:45:04 GMT

    [ https://issues.apache.org/jira/browse/HBASE-11127?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14017923#comment-14017923

Andrew Purtell commented on HBASE-11127:

On HBASE-10646 and https://issues.apache.org/jira/browse/HBASE-10646?focusedCommentId=14017200&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-14017200
[~ishanc] said:
Will main RPCs like Get, Put, etc (apart from the admin RPCs) also be secured after that change?
Any extra overhead in these RPCs would be unacceptable in our use case.

In the context of the discussion on this issue, the answer I think must be yes. We split out
the security components and in fact developed the coprocessor framework exactly so security
would not add overhead in response processing if security features were not required. (Strictly
speaking each coprocessor hook adds ~100ns but that is unavoidable and we take great care
to limit the number of hook sites in hot code.)

> Move security features into core
> --------------------------------
>                 Key: HBASE-11127
>                 URL: https://issues.apache.org/jira/browse/HBASE-11127
>             Project: HBase
>          Issue Type: Improvement
>            Reporter: Andrew Purtell
> HBASE-11126 mentions concurrency issues we are running into as the security code increases
in sophistication, due to current placement of coprocessor hooks, and proposes a solution
to those issues with the expectation that security code remains outside of core in coprocessors.
However, as an alternative we could consider moving all AccessController and VisibilityController
related code into core. Worth discussing? 

This message was sent by Atlassian JIRA

View raw message