hbase-issues mailing list archives

From "Andrew Purtell (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HBASE-14265) we should forbid creating table using 'hbase' namespace except by superuser
Date Sat, 22 Aug 2015 00:41:46 GMT

    [ https://issues.apache.org/jira/browse/HBASE-14265?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14707698#comment-14707698 ]

Andrew Purtell commented on HBASE-14265:
----------------------------------------

bq. I reconsider this patch, and found this is not what I want. [...] we only forbid creating table using 'hbase' namespace when security disabled

ok, that's fine

In which case, the only change I'd recommend is reusing our existing AccessDeniedException
instead of introducing a new exception type SystemNamespaceAccessException. This is because
with security enabled the AccessController will throw ADE back to the clients. Would be weird
for clients to need to deal potentially with two exception types whether or not security is
active.

> we should forbid creating table using 'hbase' namespace except by superuser
> ---------------------------------------------------------------------------
>
>                 Key: HBASE-14265
>                 URL: https://issues.apache.org/jira/browse/HBASE-14265
>             Project: HBase
>          Issue Type: Bug
>            Reporter: Heng Chen
>         Attachments: HBASE-14265.patch, HBASE-14265_v2.patch, HBASE-14265_v3.patch
>
>
> Now, there is no limit for users who can create table under 'hbase' NameSpace. I think it has some risk.
> Because we use {{TableName.systemTable}} to decide whether this table is System or not.
> But as code,  {{TableName.systemTable}} will be true, if NS equals 'hbase'
> {code}
> if (Bytes.equals(NamespaceDescriptor.SYSTEM_NAMESPACE_NAME, namespace)) {
>   this.namespace = NamespaceDescriptor.SYSTEM_NAMESPACE_NAME;
>   this.namespaceAsString = NamespaceDescriptor.SYSTEM_NAMESPACE_NAME_STR;
>   this.systemTable = true;
> }
> {code}
>  
> And we treat system table and normal table differently. 
> For example,  https://issues.apache.org/jira/browse/HBASE-14257 will flush fast if table belongs to system table.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
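
The recommendation in the comment above, sketched as an added example that is not part of the original message, the attached patches or HBase's code: both the security-enabled and security-disabled create paths raise the same exception type, so a client needs one catch clause. The `AccessDeniedException` class here is a local stand-in so the file compiles without HBase jars; `createTable`, `tryCreate` and their parameters are hypothetical names.

```java
import java.io.IOException;

public class SystemNamespaceGuardExample {
  // Local stand-in for HBase's AccessDeniedException (assumption: no HBase jars on the classpath).
  static class AccessDeniedException extends IOException {
    AccessDeniedException(String msg) { super(msg); }
  }

  static final String SYSTEM_NAMESPACE = "hbase"; // namespace named in the issue

  // Hypothetical master-side create path; aclAllows models the outcome of the ACL check.
  static void createTable(String namespace, String table, String user,
                          boolean securityEnabled, boolean aclAllows)
      throws AccessDeniedException {
    if (securityEnabled) {
      // Stand-in for the AccessController check that already throws ADE to clients.
      if (!aclAllows) {
        throw new AccessDeniedException("Insufficient permissions for user '" + user
            + "' to create " + namespace + ":" + table);
      }
    } else if (SYSTEM_NAMESPACE.equals(namespace)) {
      // Security disabled: the namespace guard reuses the same exception type
      // instead of a separate SystemNamespaceAccessException.
      throw new AccessDeniedException("Creating tables in the '" + SYSTEM_NAMESPACE
          + "' namespace is not allowed: " + namespace + ":" + table);
    }
    // A real implementation would continue with table creation here.
  }

  // Client side: one catch clause covers both security modes.
  static String tryCreate(String ns, String table, boolean securityEnabled, boolean aclAllows) {
    try {
      createTable(ns, table, "alice", securityEnabled, aclAllows); // "alice" is a constructed user
      return "created";
    } catch (AccessDeniedException e) {
      return "denied: " + e.getMessage();
    }
  }

  public static void main(String[] args) {
    System.out.println(tryCreate("hbase", "t1", false, false));   // security off, system namespace
    System.out.println(tryCreate("hbase", "t1", true, false));    // security on, ACL check fails
    System.out.println(tryCreate("default", "t1", false, false)); // security off, user namespace
    System.out.println(tryCreate("hbase", "t1", true, true));     // security on, ACL check passes
  }
}
```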
