Hi, This is tricky... You could either take the Compression framework we have and have a encryption framework in addition, although we'd still leak data in the block index.
Or you could go with whole-file encryption at the HDFS level. There are some more issues you'd need to solve: - key management... all RS would require the key, therefore someone with user level access to the machine could discover it. - performance - security, what's the point of encryption if we let anyone ask for any bit of data anyways? One other thing, we use row keys to build META keys, which is another source of leakage. These fine issues would need to be resolved to build a bullet proof solution. -ryan On Tue, Nov 16, 2010 at 3:16 PM, Preetam Joshi <[email protected]> wrote: > Hi, > > I am a graduate student and I am working on implementing a few security > features for HBase, one of which is described as follows: > > => Before the data is stored into the actual physical disk, I would want to > encrypt the data before storing it. I would like to do it on the server side. > > Could anyone tell me which particular module I should look at to achieve this? > > Thanks in advance. > > Regards, > Preetam > > > >
