hbase-issues mailing list archives

From "Yu Li (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HBASE-15577) there need be a mechanism to enable ZK's ACL check when the authentication strategy is simple
Date Sat, 02 Apr 2016 13:22:25 GMT

    [ https://issues.apache.org/jira/browse/HBASE-15577?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15222886#comment-15222886 ]

Yu Li commented on HBASE-15577:
-------------------------------

I think this is a good way to supply some light-weight security. Some review points:

In {{ZKUtil}}:
{noformat}
+      } catch (IOException e) {
+        e.printStackTrace();
+      }
{noformat}
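Review bot: the catch block for IOException only calls e.printStackTrace(), so the failure goes to stderr instead of the logger and the visible lines do not define which ACL is returned once the exception is swallowed. Log the exception through the class logger and make the outcome explicit in the catch, either by rethrowing or by returning a defined ACL list. If that list is an open ACL, log it at warn level so an unprotected znode is visible to operators.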
I think we should fall back to return {{Ids.OPEN_ACL_UNSAFE}} here.

In {{ZooKeeperWatcher}}:
{noformat}
+    if("master".equals(identifier) || "regionserver".equals(identifier)){
{noformat}
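Review bot: the condition compares identifier against the string literals "master" and "regionserver", so a caller that passes any other identifier value, or a differently spelled one, skips this branch without any log line. Replace the literals with shared constants, add a comment stating why other identifiers are excluded, and format the statement as "if (" and ") {" to match the usual Java spacing.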
Why only read auth for HMaster/RS? IMO we should also support client auth, right? If there is any special
reason to limit the auth to master/rs, we should use {{HMaster.MASTER}} and {{HRegionServer.REGIONSERVER}}
instead of the hard-coded strings.

Please also add some UT case for this feature. Thanks.

> there need be a mechanism to enable ZK's ACL check when the authentication strategy is simple
> ---------------------------------------------------------------------------------------------
>
>                 Key: HBASE-15577
>                 URL: https://issues.apache.org/jira/browse/HBASE-15577
>             Project: HBase
>          Issue Type: Improvement
>    Affects Versions: 1.1.3
>            Reporter: chenxu
>            Assignee: chenxu
>         Attachments: HBASE-15577.patch, zk-set-acl.patch
>
>
> If hbase.security.authentication is set to simple, ZKUtil.createACL just returns Ids.OPEN_ACL_UNSAFE, which means that there is no ACL check on the ZK nodes.
> We can refactor this to enable the ACL check function.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
