hbase-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Andrew Purtell (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HBASE-14265) we should forbid creating table using 'hbase' namespace
Date Thu, 20 Aug 2015 15:11:46 GMT

    [ https://issues.apache.org/jira/browse/HBASE-14265?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14705088#comment-14705088
] 

Andrew Purtell commented on HBASE-14265:
----------------------------------------

Have you tried this patch with security features active? Does this prevent the creation of
the ACL and labels tables? If so this can be fixed by conditionally allowing the create if
the effective user is a superuser, see Superusers#isSuperUser

> we should forbid creating table using 'hbase' namespace
> -------------------------------------------------------
>
>                 Key: HBASE-14265
>                 URL: https://issues.apache.org/jira/browse/HBASE-14265
>             Project: HBase
>          Issue Type: Bug
>            Reporter: Heng Chen
>         Attachments: HBASE-14265.patch
>
>
> Now, there is no limit for users who can create table under 'hbase' NameSpace. I think
it has some risk.
> Because we use {{TableName.systemTable}} to decide whether this table is System or not.
> But as code,  {{TableName.systemTable}} will be true, if NS equals "hbase'
> {code}
>  if (Bytes.equals(NamespaceDescriptor.SYSTEM_NAMESPACE_NAME, namespace)) {
>         this.namespace = NamespaceDescriptor.SYSTEM_NAMESPACE_NAME;
>         this.namespaceAsString = NamespaceDescriptor.SYSTEM_NAMESPACE_NAME_STR;
>         this.systemTable = true;
>       } 
> {code}
>  
> And we treat system table and normal table differently. 
> For example,  https://issues.apache.org/jira/browse/HBASE-14257 will flush fast if table
belong to system table.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message