hbase-user mailing list archives

From a...@jalilweb.com
Subject Re: How do I setup authentication/permissions for an hbase database?
Date Sat, 02 Oct 2010 09:30:00 GMT
Thank you Andrew and all who replied,

It is good to know what's available and what's not, so that I can plan
the way my application works.

Having no security is a big issue for me, since I am using HBase on EC2.

Knowing the internal IP of the HBase master is the only thing a hacker
needs to bring my database down.

In fact I could write a script now, to go and create a table in any
HBase running out there on EC2. Of course, I don't have the motivation
or time to do that, but others might do.

Your answers are telling me not to commit my designs to HBase and have
another system to fall back to. Or maybe just learn how to build an
application around HBase, while the latter is being
developed/improved/patched up.

I understand that I should not expect to have all features I would like
available in HBase, not least because it is provided free of charge and
there are a number of committed, good people trying to make everyone
happy.

However I believe that security should have been the first priority in
the development process. It just makes sense to me.

I suggest the wiki should have a FAQ about security, as I had to search
Google for an answer, but couldn't find any good sources.

I hope my question and your timely response might help someone out
there looking for this answer.

Many thanks to all, and keep up the good work.

kind regards,

Jalil

Quoting Andrew Purtell <apurtell@apache.org>:

>> Is a security feature available that I am not aware of? if
>> not? what is the point to create a database that can be
>> edited/deleted by anonymous users?
>
> That's kind of a loaded question but I'll bite.
>
> Single tenancy is common in systems of this type, which are meant for
> deployment into back end systems and underpin some customer facing
> application, but do not directly serve access to arbitrary users.
> Hadoop in general has at best a weak notion of user separation. Until
> Yahoo released a variant of 0.20 that uses Kerberos for strong
> authentication it was trivial to masquerade as any user, completely
> bypassing UGI permissions in HDFS. There are some remaining problems
> but secure Hadoop (secure HDFS) does provide some data isolation.
>
> We have a patched version of HBase that can run on top of secure
> Hadoop. You immediately get the benefit of HDFS data isolation --
> other system users cannot access _your_ HBase data in HDFS. And they
> cannot authenticate as you so cannot connect to _your_ HBase cluster
> if you configure it as such.
>
> However, in fact HBase as a project does want to support a fine
> grained permissions model such as you'd expect coming from Postgres or
> MySQL or Oracle, multitenancy intrinsic to the database. See
> HBASE-1697, HBASE-3025, and HBASE-3045, as issues to watch over the
> coming few months.
>
> Best regards,
>
>     - Andy
>
>
> --- On Fri, 10/1/10, acc2@jalilweb.com <acc2@jalilweb.com> wrote:
>
>> From: acc2@jalilweb.com <acc2@jalilweb.com>
>> Subject: How do I setup authentication/permissions for an hbase database?
>> To: user@hbase.apache.org
>> Date: Friday, October 1, 2010, 5:04 AM
>> Hello,
>>
>> I cannot find any information about secure user access to
>> an hbase database.
>>
>> I want to create an hbase database but want to allow only
>> certain users to access it.
>>
>> Currently, anyone can access, write to, delete my tables in
>> my hbase database.
>>
>> Is a security feature available that I am not aware of? if
>> not? what is the point to create a database that can be
>> edited/deleted by anonymous users?
>>
>> Many thanks,
>>
>> Jalil
>>
>>