hbase-user mailing list archives

From Esteban Gutierrez <este...@cloudera.com>
Subject Re: hbase attack scenarios?
Date Wed, 06 Aug 2014 05:08:42 GMT
Hello Will,

That's a very interesting topic. Unfortunately many things depend on the
version of HBase that is under attack. As you say, 1) DoS is too easy to trigger
if HBase is exposed directly to applications and without any data
validation, e.g. by crafting the right RPC it's possible to trigger an OOME in
the RSs if running a version prior to 0.94.x, or 2) by looking at RPCs on the
wire it is trivial to perform a replay attack if SASL is not being used. Even
with additional layers like Thrift or REST there are limitations that
need to be considered when exposing live traffic to HBase to avoid DDoS or
other attacks. I think interesting attacks have been discussed before, such
as https://issues.apache.org/jira/browse/HBASE-11070 and
https://issues.apache.org/jira/browse/HBASE-11457

cheers,
esteban.

--
Cloudera, Inc.



On Tue, Aug 5, 2014 at 9:46 PM, Wilm Schumacher <wilm.schumacher@cawoom.com>
wrote:

> Hi,
>
> sry for asking a fundamental newbie question again :/.
>
> But after coding some applications using hbase I want to reconsider
> the security. Especially after today some (i.e. billions of) e-mail
> addresses and hashes were stolen.
>
> So, my question is: what are the most prominent and general attack
> scenarios on, e.g., a web app using hbase?
>
> The official documentation
> http://hbase.apache.org/book/security.html
> is not very verbose about this topic.
>
> Of course this depends on the application, but I would appreciate
> general hints to possible attacks, which could be interesting for other
> readers of this mailing list, too.
>
> Perhaps as an example we could imagine a social network:
>
> * with a table for the users (rowkey = username, data:passwdhash,
> data:birthdate, data:firstname, data:lastname etc., and chatid:XYZ,
> chatid:ZYX etc.)
>
> * and a table for communication ("chat") between these persons (rowkey =
> chatID + Timestamp).
>
> * using the thrift interface (or something special adapted but similar to
> the thrift interface. Some get, some mutateRow operations etc.)
>
> for this application I can only imagine 4 possible attacks (which are
> actually not specific to hbase)
> 1.) DOS
> => Firewall protection. But nobody can do something against that if it's
> large enough
>
> 2.) Capturing of the application server (web server in this case) and
> getting direct access to the db (and then do a scan of the data)
> => user access control (e.g.
> http://hbase.apache.org/book/hbase.accesscontrol.configuration.html)
>
> 3.) errors in the (web-)application so that a user is allowed to read
> chats of other people (by e.g. spoofing of requests)
>
> 4.) cross site scripting and cross site forgery (or session capturing etc.)
>
> 1 and 2 are standard attacks which affect every system, db or server,
> and can be avoided by standard methods. 3 and 4 are standard tricks for
> web apps where hbase cannot do anything to protect the data (where it's
> actually not important which db someone uses). But there are trillions
> of possible strategies against that.
>
> But I cannot imagine something like an SQL-injection, where the
> avoidance of the attack has to be built into the application (escaping
> etc).
>
> Are there any hbase specific attacks you can imagine?
>
> Best wishes
>
> Wilm
>
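Esteban's two points (SASL on the RPC layer against replay, and access control against a compromised app server doing a full scan) correspond to a few hbase-site.xml properties. The fragment below is an added example, not from either message; the realm EXAMPLE.COM and the keytab path are placeholders, and the weak default values are shown commented out beside the hardened ones.

```xml
<?xml version="1.0"?>
<!-- hbase-site.xml fragment: added example, not from the thread.
     Placeholders: realm EXAMPLE.COM and keytab path. -->
<configuration>
  <!-- Weak (the defaults): RPC is unauthenticated, so anything that can reach
       the RegionServer port can issue, capture and replay RPCs, and nothing
       limits which tables a client may scan. Shown commented out. -->
  <!--
  <property><name>hbase.security.authentication</name><value>simple</value></property>
  <property><name>hbase.security.authorization</name><value>false</value></property>
  -->

  <!-- Hardened: Kerberos via SASL on every client/server RPC -->
  <property>
    <name>hbase.security.authentication</name>
    <value>kerberos</value>
  </property>
  <!-- SASL quality of protection: "integrity" adds per-message integrity checks
       and sequence numbers so a captured RPC cannot be replayed or altered;
       "privacy" additionally encrypts the payload on the wire -->
  <property>
    <name>hbase.rpc.protection</name>
    <value>privacy</value>
  </property>
  <!-- Server identities (placeholder realm and keytab path) -->
  <property><name>hbase.master.kerberos.principal</name><value>hbase/_HOST@EXAMPLE.COM</value></property>
  <property><name>hbase.master.keytab.file</name><value>/etc/hbase/conf/hbase.keytab</value></property>
  <property><name>hbase.regionserver.kerberos.principal</name><value>hbase/_HOST@EXAMPLE.COM</value></property>
  <property><name>hbase.regionserver.keytab.file</name><value>/etc/hbase/conf/hbase.keytab</value></property>

  <!-- Authorization: enforce table/column-family ACLs (grant/revoke from the shell)
       by loading the AccessController coprocessor on master and regionservers -->
  <property>
    <name>hbase.security.authorization</name>
    <value>true</value>
  </property>
  <property>
    <name>hbase.coprocessor.master.classes</name>
    <value>org.apache.hadoop.hbase.security.access.AccessController</value>
  </property>
  <property>
    <name>hbase.coprocessor.region.classes</name>
    <value>org.apache.hadoop.hbase.security.access.AccessController</value>
  </property>
</configuration>
```

The Thrift gateway in Wilm's design needs its own principal (hbase.thrift.kerberos.principal and hbase.thrift.keytab.file); otherwise it authenticates as itself for every end user, so the ACLs only ever see one identity.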
