hbase-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Chia-Ping Tsai (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HBASE-19093) Check Admin/Table to ensure all operations go via AccessControl
Date Mon, 20 Nov 2017 16:37:00 GMT

    [ https://issues.apache.org/jira/browse/HBASE-19093?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16259448#comment-16259448
] 

Chia-Ping Tsai commented on HBASE-19093:
----------------------------------------

bq. Currently the test does not check the implemented methods of RegionObserver interface,
because it contains lots of methods which are not important for security checks. What do you
think about it?
Could we have a list of methods which should be not in access control in the test case? Or
we can introduce a *annotation* to denotes the hooks which need to be authorized. 

> Check Admin/Table to ensure all operations go via AccessControl
> ---------------------------------------------------------------
>
>                 Key: HBASE-19093
>                 URL: https://issues.apache.org/jira/browse/HBASE-19093
>             Project: HBase
>          Issue Type: Sub-task
>            Reporter: stack
>            Assignee: Balazs Meszaros
>            Priority: Blocker
>             Fix For: 2.0.0-beta-1
>
>         Attachments: HBASE-19093.master.001.patch
>
>
> A cursory review of Admin Interface has a bunch of methods as open, with out AccessControl
checks. For example, procedure executor has not check on it.
> This issue is about given the Admin and Table Interfaces a once-over to see what is missing
and to fill in access control where missing.
> This is a follow-on from work over in HBASE-19048



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

Mime
View raw message