hbase-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Hudson (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HBASE-12916) No access control for replicating WAL entries
Date Wed, 28 Jan 2015 02:01:35 GMT

    [ https://issues.apache.org/jira/browse/HBASE-12916?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14294587#comment-14294587
] 

Hudson commented on HBASE-12916:
--------------------------------

SUCCESS: Integrated in HBase-1.0 #694 (See [https://builds.apache.org/job/HBase-1.0/694/])
HBASE-12916 No access control for replicating WAL entries (Liu Shaohui) (enis: rev e8578c6d98ff2bd7b212378cc9dd0a78a31ae723)
* hbase-server/src/main/java/org/apache/hadoop/hbase/coprocessor/BaseRegionServerObserver.java
* hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/RegionServerCoprocessorHost.java
* hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java
* hbase-server/src/main/java/org/apache/hadoop/hbase/coprocessor/RegionServerObserver.java
* hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java
* hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/RSRpcServices.java


> No access control for replicating WAL entries
> ---------------------------------------------
>
>                 Key: HBASE-12916
>                 URL: https://issues.apache.org/jira/browse/HBASE-12916
>             Project: HBase
>          Issue Type: Bug
>          Components: Replication
>    Affects Versions: 2.0.0, 0.94.26, 0.98.12
>            Reporter: Liu Shaohui
>            Assignee: Liu Shaohui
>             Fix For: 1.0.0, 2.0.0, 1.1.0, 0.98.11
>
>         Attachments: HBASE-12916-v1.diff, HBASE-12916-v2.diff, HBASE-12916-v3.diff
>
>
> Currently, there is no access control for replicating WAL entries in secure HBase cluster.
Any authenticated user can write any data they want to any table of a secure cluster by using
the replication api.
> Simple solution is  to add permission check before replicating WAL entries. And only
user with global write permission can replicate WAL entries to this cluster.
> Another option is adding "Replication" action in hbase and only user with "Replication"
permission can replicate WAL entries to this cluster?
> [~apurtell] 
> What's your suggestion? Thanks



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message