hbase-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Hudson (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HBASE-12916) No access control for replicating WAL entries
Date Wed, 28 Jan 2015 08:00:56 GMT

    [ https://issues.apache.org/jira/browse/HBASE-12916?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14294845#comment-14294845
] 

Hudson commented on HBASE-12916:
--------------------------------

SUCCESS: Integrated in HBase-0.98-on-Hadoop-1.1 #782 (See [https://builds.apache.org/job/HBase-0.98-on-Hadoop-1.1/782/])
HBASE-12916 No access control for replicating WAL entries (Liu Shaohui) (enis: rev aff1384a5ea171e1e3f5365d4e21bbcadfa2bfef)
* hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java
* hbase-server/src/main/java/org/apache/hadoop/hbase/coprocessor/RegionServerObserver.java
* hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/RegionServerCoprocessorHost.java
* hbase-server/src/main/java/org/apache/hadoop/hbase/coprocessor/BaseRegionServerObserver.java
* hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/HRegionServer.java
* hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java


> No access control for replicating WAL entries
> ---------------------------------------------
>
>                 Key: HBASE-12916
>                 URL: https://issues.apache.org/jira/browse/HBASE-12916
>             Project: HBase
>          Issue Type: Bug
>          Components: Replication
>    Affects Versions: 2.0.0, 0.94.26, 0.98.12
>            Reporter: Liu Shaohui
>            Assignee: Liu Shaohui
>             Fix For: 1.0.0, 2.0.0, 0.98.10, 1.1.0
>
>         Attachments: HBASE-12916-v1.diff, HBASE-12916-v2.diff, HBASE-12916-v3.diff, hbase-12916-0.98.patch
>
>
> Currently, there is no access control for replicating WAL entries in secure HBase cluster.
Any authenticated user can write any data they want to any table of a secure cluster by using
the replication api.
> Simple solution is  to add permission check before replicating WAL entries. And only
user with global write permission can replicate WAL entries to this cluster.
> Another option is adding "Replication" action in hbase and only user with "Replication"
permission can replicate WAL entries to this cluster?
> [~apurtell] 
> What's your suggestion? Thanks



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message