[
https://issues.apache.org/jira/browse/HBASE-10646?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13916745#comment-13916745
]
Andrew Purtell edited comment on HBASE-10646 at 3/1/14 3:03 AM:
----------------------------------------------------------------
This can be an incremental process, with as many steps taken as needed until we
are collectively happy with the end state.
The security features can mostly be enabled independently, although most
features depend on secure authentication and secure RPC.
For this JIRA, it could be sufficient to enable most of the security features
in the default configuration, excepting those which have, due to their nature,
a performance consequence.
Next, we could in addition automatically load the security coprocessors as
system coprocessors. Either Java's ServiceLoader or Guice could be employed to
this end. I suggest using ServiceLoader in the same manner that Hadoop uses it
to load some security service modules, such as token services.
It should still be possible to change site configuration to turn off security
features which are not wanted.
Integrating security coprocessors into core code is out of scope here. In my
opinion that could be post 1.0 work.
was (Author: apurtell):
This can be an incremental process, with as many steps taken as needed until we
are collectively happy with the end state.
Currently, the security features can mostly be enabled independently, although
most features depend on secure authentication being turned on.
For this JIRA, it could be sufficient to enable most of the security features
in the default configuration, excepting those which have, due to their nature,
a performance consequence.
Next, we could in addition automatically load the security coprocessors as
system coprocessors. Either Java's ServiceLoader or Guice could be employed to
this end. I suggest using ServiceLoader in the same manner that Hadoop uses it
to load some security service modules, such as token services.
It should still be possible to change site configuration to turn off security
features which are not wanted.
Integrating security coprocessors into core code is out of scope here. In my
opinion that could be post 1.0 work.
> Enable security features by default for 1.0
> -------------------------------------------
>
> Key: HBASE-10646
> URL: https://issues.apache.org/jira/browse/HBASE-10646
> Project: HBase
> Issue Type: Task
> Affects Versions: 0.99.0
> Reporter: Andrew Purtell
> Assignee: Andrew Purtell
>
> As discussed in the last PMC meeting, we should enable security features by
> default in 1.0.
--
This message was sent by Atlassian JIRA
(v6.1.5#6160)
