[
https://issues.apache.org/jira/browse/HBASE-12470?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14211325#comment-14211325
]
Andrew Purtell edited comment on HBASE-12470 at 11/13/14 9:33 PM:
------------------------------------------------------------------
This is also an issue for cell ACLs.
As Anoop mentioned we strip security tags in the RPC layer so we don't leak
sensitive information to users, untrusted or otherwise. We can vary the codec
but only globally by configuration.
In the run up to 0.98.0, while we were still at 0.97-SNAPSHOT, I proposed a
couple of variations on per connection codec negotiation that didn't go
anywhere on account of lack of time, interest, and community will.
Per-connection negotiation is probably the best answer here. Might be worth it
for you to reconsider the idea. After we authenticate a user as privileged (we
can start with belonging to the superuser group) we could use the RPC codec
which does not strip security tags, thus giving higher level APIs / policy
monitoring / policy validation tools direct access to cell tags, and therefore
ACL and visibility label metadata stored with them. This requires the ability
to swap RPC codecs on a per connection basis, after the authorization
handshake, so some sort of negotiation...
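The following is an added illustration of the per-connection codec negotiation sketched in the comment above; it is not HBase code. It models a cell carrying ACL and visibility tags, a default codec that strips tags before bytes leave the server, a tag-aware codec, and a server-side selection step that chooses the tag-aware codec only after authentication and only for members of a superuser group. The wire format, tag type numbers, group name and all class and function names are constructed for this example and do not correspond to HBase's own KeyValue encoding or configuration keys.

```python
"""Model of per-connection RPC codec selection for cell tags (added example,
not HBase code). Wire format, tag types and names are constructed here."""
from dataclasses import dataclass, field
import struct

# Tag type numbers are constructed for this example.
TAG_ACL = 1
TAG_VISIBILITY = 2
SUPERUSER_GROUP = "hbase-superusers"  # constructed group name


@dataclass
class Cell:
    row: bytes
    value: bytes
    tags: list = field(default_factory=list)  # [(tag_type, payload), ...]


@dataclass(frozen=True)
class Principal:
    user: str
    groups: frozenset


def _encode(cell, keep_tags):
    """Constructed wire format: u16 length-prefixed row and value, then a
    u16 tag count followed by (u8 type, u16 length, payload) per tag."""
    tags = cell.tags if keep_tags else []
    out = struct.pack(">H", len(cell.row)) + cell.row
    out += struct.pack(">H", len(cell.value)) + cell.value
    out += struct.pack(">H", len(tags))
    for tag_type, payload in tags:
        out += struct.pack(">BH", tag_type, len(payload)) + payload
    return out


def decode(buf):
    """Inverse of _encode; used here to show what a client actually receives."""
    off = 0

    def take(n):
        nonlocal off
        chunk = buf[off:off + n]
        off += n
        return chunk

    (rlen,) = struct.unpack(">H", take(2))
    row = take(rlen)
    (vlen,) = struct.unpack(">H", take(2))
    value = take(vlen)
    (ntags,) = struct.unpack(">H", take(2))
    tags = []
    for _ in range(ntags):
        tag_type, plen = struct.unpack(">BH", take(3))
        tags.append((tag_type, take(plen)))
    return Cell(row, value, tags)


class StrippingCodec:
    """Default: security tags never leave the RPC layer."""
    name = "cell-without-tags"

    def encode(self, cell):
        return _encode(cell, keep_tags=False)


class TagAwareCodec:
    """Only offered to privileged, authenticated connections."""
    name = "cell-with-tags"

    def encode(self, cell):
        return _encode(cell, keep_tags=True)


def negotiate_codec(principal, authenticated):
    """Codec is chosen per connection, after the authentication handshake.
    Anything not positively identified as privileged gets the stripping codec."""
    if not authenticated:
        return StrippingCodec()
    if SUPERUSER_GROUP in principal.groups:
        return TagAwareCodec()
    return StrippingCodec()


def serve_scan(cells, principal, authenticated):
    """Encode each cell with the negotiated codec and return the codec name
    plus the cells as the client would decode them."""
    codec = negotiate_codec(principal, authenticated)
    return codec.name, [decode(codec.encode(c)) for c in cells]


# Constructed sample data: one cell with an ACL tag and a visibility tag.
SAMPLE_CELLS = [Cell(b"r1", b"secret", [(TAG_ACL, b"alice:R"), (TAG_VISIBILITY, b"PII")])]
ADMIN = Principal("ops", frozenset({SUPERUSER_GROUP}))
ANALYST = Principal("bob", frozenset({"analysts"}))

if __name__ == "__main__":
    for who, auth in ((ANALYST, True), (ADMIN, True), (ADMIN, False)):
        name, got = serve_scan(SAMPLE_CELLS, who, auth)
        print(who.user, "authenticated" if auth else "unauthenticated", name, got[0].tags)
```

The point of the model is that the decision is made once per connection after the handshake and that the default path is the stripping codec, so a failure to authenticate or a missing group membership can never widen what a client sees; a policy-validation tool running as a superuser gets the tags it needs to reconcile cell ACLs and labels against the hbase:labels table without a per-HFile dump.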
> Way to determine which labels are applied to a cell in a table
> --------------------------------------------------------------
>
> Key: HBASE-12470
> URL: https://issues.apache.org/jira/browse/HBASE-12470
> Project: HBase
> Issue Type: New Feature
> Components: security
> Affects Versions: 0.98.6.1
> Reporter: Kevin Odell
>
> There is currently no way to determine which labels are applied to a cell
> without using the HFile tool to dump each HFile and then translating the
> output back to the hbase:labels table. This is quite tedious on larger
> tables. Since this could be a security risk perhaps we make it tunable with
> hbase.superuser.can.veiw.cells or something along those lines?
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)