[
https://issues.apache.org/jira/browse/HBASE-10646?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13916745#comment-13916745
]
Andrew Purtell edited comment on HBASE-10646 at 3/1/14 3:06 AM:
----------------------------------------------------------------
This can be an incremental process, with as many steps taken as needed until we
are collectively happy with the end state.
The security features can mostly be enabled independently, although most
features depend on secure authentication and secure RPC.
For this JIRA, it could be sufficient to enable most of the security features
in the default configuration, excepting those which have, due to their nature,
a performance consequence.
Next, we could in addition automatically load the security coprocessors as
system coprocessors without requiring us or users to maintain a list of
classnames in the site file. Either Java's ServiceLoader or Guice could be
employed to this end. I suggest using ServiceLoader in the same manner that
Hadoop uses it to load some security service modules, such as token services.
It should still be possible to change site configuration to turn off security
features which are not wanted.
Integrating security coprocessors into core code is out of scope here. In my
opinion that could be post 1.0 work.
I expect the bulk of work required for this JIRA will be updating unit tests to
work correctly with security enabled or to disable security if that subsystem
is not under test in any way.
was (Author: apurtell):
This can be an incremental process, with as many steps taken as needed until we
are collectively happy with the end state.
The security features can mostly be enabled independently, although most
features depend on secure authentication and secure RPC.
For this JIRA, it could be sufficient to enable most of the security features
in the default configuration, excepting those which have, due to their nature,
a performance consequence.
Next, we could in addition automatically load the security coprocessors as
system coprocessors without requiring us or users to maintain a list of
classnames in the site file. Either Java's ServiceLoader or Guice could be
employed to this end. I suggest using ServiceLoader in the same manner that
Hadoop uses it to load some security service modules, such as token services.
It should still be possible to change site configuration to turn off security
features which are not wanted.
Integrating security coprocessors into core code is out of scope here. In my
opinion that could be post 1.0 work.
> Enable security features by default for 1.0
> -------------------------------------------
>
> Key: HBASE-10646
> URL: https://issues.apache.org/jira/browse/HBASE-10646
> Project: HBase
> Issue Type: Task
> Affects Versions: 0.99.0
> Reporter: Andrew Purtell
> Assignee: Andrew Purtell
>
> As discussed in the last PMC meeting, we should enable security features by
> default in 1.0.
--
This message was sent by Atlassian JIRA
(v6.1.5#6160)
