[
https://issues.apache.org/jira/browse/HDFS-6134?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14095470#comment-14095470
]
Larry McCay commented on HDFS-6134:
-----------------------------------
I guess if webhdfs is allowed to doAs the end user 'hdfs' then that can be a
problem.
But again, I don't see what keeps an admin from doing that with httpfs as well.
It seems as though KMS needs to have the ability to not allow 'hdfs' user gain
keys through any trusted proxy but still allow a trusted proxy that is running
as a superuser to doAs other users.
> Transparent data at rest encryption
> -----------------------------------
>
> Key: HDFS-6134
> URL: https://issues.apache.org/jira/browse/HDFS-6134
> Project: Hadoop HDFS
> Issue Type: New Feature
> Components: security
> Affects Versions: 3.0.0, 2.3.0
> Reporter: Alejandro Abdelnur
> Assignee: Charles Lamb
> Attachments: HDFS-6134.001.patch, HDFS-6134.002.patch,
> HDFS-6134_test_plan.pdf, HDFSDataatRestEncryption.pdf,
> HDFSDataatRestEncryptionProposal_obsolete.pdf,
> HDFSEncryptionConceptualDesignProposal-2014-06-20.pdf
>
>
> Because of privacy and security regulations, for many industries, sensitive
> data at rest must be in encrypted form. For example: the healthÂcare industry
> (HIPAA regulations), the card payment industry (PCI DSS regulations) or the
> US government (FISMA regulations).
> This JIRA aims to provide a mechanism to encrypt HDFS data at rest that can
> be used transparently by any application accessing HDFS via Hadoop Filesystem
> Java API, Hadoop libhdfs C library, or WebHDFS REST API.
> The resulting implementation should be able to be used in compliance with
> different regulation requirements.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
