[jira] [Commented] (HBASE-12916) No access control for replicating WAL entries

Tue, 27 Jan 2015 18:02:37 -0800 

    [ 
https://issues.apache.org/jira/browse/HBASE-12916?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14294587#comment-14294587
 ] 

Hudson commented on HBASE-12916:
--------------------------------

SUCCESS: Integrated in HBase-1.0 #694 (See 
[https://builds.apache.org/job/HBase-1.0/694/])
HBASE-12916 No access control for replicating WAL entries (Liu Shaohui) (enis: 
rev e8578c6d98ff2bd7b212378cc9dd0a78a31ae723)
* 
hbase-server/src/main/java/org/apache/hadoop/hbase/coprocessor/BaseRegionServerObserver.java
* 
hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/RegionServerCoprocessorHost.java
* 
hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java
* 
hbase-server/src/main/java/org/apache/hadoop/hbase/coprocessor/RegionServerObserver.java
* 
hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java
* 
hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/RSRpcServices.java


> No access control for replicating WAL entries
> ---------------------------------------------
>
>                 Key: HBASE-12916
>                 URL: https://issues.apache.org/jira/browse/HBASE-12916
>             Project: HBase
>          Issue Type: Bug
>          Components: Replication
>    Affects Versions: 2.0.0, 0.94.26, 0.98.12
>            Reporter: Liu Shaohui
>            Assignee: Liu Shaohui
>             Fix For: 1.0.0, 2.0.0, 1.1.0, 0.98.11
>
>         Attachments: HBASE-12916-v1.diff, HBASE-12916-v2.diff, 
> HBASE-12916-v3.diff
>
>
> Currently, there is no access control for replicating WAL entries in secure 
> HBase cluster. Any authenticated user can write any data they want to any 
> table of a secure cluster by using the replication api.
> Simple solution is  to add permission check before replicating WAL entries. 
> And only user with global write permission can replicate WAL entries to this 
> cluster.
> Another option is adding "Replication" action in hbase and only user with 
> "Replication" permission can replicate WAL entries to this cluster?
> [~apurtell] 
> What's your suggestion? Thanks



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to