Date: Wed, 4 Jun 2014 17:45:04 +0000 (UTC)
From: "Andrew Purtell (JIRA)"
To: issues@hbase.apache.org
Subject: [jira] [Commented] (HBASE-11127) Move security features into core

    [ https://issues.apache.org/jira/browse/HBASE-11127?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14017923#comment-14017923 ]

Andrew Purtell commented on HBASE-11127:
----------------------------------------

On HBASE-10646 and https://issues.apache.org/jira/browse/HBASE-10646?focusedCommentId=14017200&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-14017200 [~ishanc] said:
{quote}
Will main RPCs like Get, Put, etc (apart from the admin RPCs) also be secured after that change? Any extra overhead in these RPCs would be unacceptable in our use case.
{quote}
In the context of the discussion on this issue, the answer I think must be yes.
We split out the security components and in fact developed the coprocessor framework exactly so security would not add overhead in response processing if security features were not required. (Strictly speaking each coprocessor hook adds ~100ns but that is unavoidable and we take great care to limit the number of hook sites in hot code.)

> Move security features into core
> --------------------------------
>
>                 Key: HBASE-11127
>                 URL: https://issues.apache.org/jira/browse/HBASE-11127
>             Project: HBase
>          Issue Type: Improvement
>            Reporter: Andrew Purtell
>
> HBASE-11126 mentions concurrency issues we are running into as the security code increases in sophistication, due to current placement of coprocessor hooks, and proposes a solution to those issues with the expectation that security code remains outside of core in coprocessors. However, as an alternative we could consider moving all AccessController and VisibilityController related code into core. Worth discussing?

--
This message was sent by Atlassian JIRA
(v6.2#6252)