hbase-issues mailing list archives

From "Andrew Purtell (JIRA)" <j...@apache.org>
Subject [jira] [Comment Edited] (HBASE-12470) Way to determine which labels are applied to a cell in a table
Date Thu, 13 Nov 2014 21:33:35 GMT

    [ https://issues.apache.org/jira/browse/HBASE-12470?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14211325#comment-14211325 ]

Andrew Purtell edited comment on HBASE-12470 at 11/13/14 9:33 PM:
------------------------------------------------------------------

This is also an issue for cell ACLs.

As Anoop mentioned we strip security tags in the RPC layer so we don't leak sensitive information
to users, untrusted or otherwise. We can vary the codec but only globally by configuration.

In the run up to 0.98.0, while we were still at 0.97-SNAPSHOT, I proposed a couple of variations
on per connection codec negotiation that didn't go anywhere on account of lack of time, interest,
and community will. Per-connection negotiation is probably the best answer here. Might be
worth it for you to reconsider the idea. After we authenticate a user as privileged (we can
start with belonging to the superuser group) we could use the RPC codec which does not strip
security tags, thus giving higher level APIs / policy monitoring / policy validation tools
direct access to cell tags, and therefore ACL and visibility label metadata stored with them.
This requires the ability to swap RPC codecs on a per connection basis, after the authorization
handshake, so some sort of negotiation...


was (Author: apurtell):
This is also an issue for cell ACLs.

As Anoop mentioned we strip security tags in the RPC layer so we don't leak sensitive information
to users, untrusted or otherwise. We can vary the codec but only globally by configuration.

In the run up to 0.98.0, while we were still at 0.97-SNAPSHOT, I proposed a couple of variations
on per connection codec negotiation that didn't go anywhere on account of lack of time, interest,
and community will. Per-connection negotiation is probably the best answer here. Might be
worth it for you to reconsider the idea. After we authenticate a user as privileged (we can
start with belonging to the superuser group) we could use the RPC codec which does not strip
security tags, thus giving higher level APIs / policy monitoring / policy validation tools
direct access to cell tags, and therefore ACL and visibility label metadata stored with them.


> Way to determine which labels are applied to a cell in a table
> --------------------------------------------------------------
>
>                 Key: HBASE-12470
>                 URL: https://issues.apache.org/jira/browse/HBASE-12470
>             Project: HBase
>          Issue Type: New Feature
>          Components: security
>    Affects Versions: 0.98.6.1
>            Reporter: Kevin Odell
>
> There is currently no way to determine which labels are applied to a cell without using
> the HFile tool to dump each HFile and then translating the output back to the hbase:labels
> table.  This is quite tedious on larger tables.  Since this could be a security risk perhaps
> we make it tunable with hbase.superuser.can.veiw.cells or something along those lines?



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
