[
https://issues.apache.org/jira/browse/HBASE-14265?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14706359#comment-14706359
]
Heng Chen commented on HBASE-14265:
-----------------------------------
[~apurtell] I reconsider this patch, and found this is not what i want.
As your suggestions, if security is active, everything is OK. And we has no
need to check table's NS in HMaster, because we can set normal users ACLs to
'hbase' Namespace.
But if we disable the security, user can still create table using 'hbase'
namespace.
IMO we should forbid this action.
> we should forbid creating table using 'hbase' namespace except by superuser
> ---------------------------------------------------------------------------
>
> Key: HBASE-14265
> URL: https://issues.apache.org/jira/browse/HBASE-14265
> Project: HBase
> Issue Type: Bug
> Reporter: Heng Chen
> Attachments: HBASE-14265.patch, HBASE-14265_v2.patch
>
>
> Now, there is no limit for users who can create table under 'hbase'
> NameSpace. I think it has some risk.
> Because we use {{TableName.systemTable}} to decide whether this table is
> System or not.
> But as code, {{TableName.systemTable}} will be true, if NS equals "hbase'
> {code}
> if (Bytes.equals(NamespaceDescriptor.SYSTEM_NAMESPACE_NAME, namespace)) {
> this.namespace = NamespaceDescriptor.SYSTEM_NAMESPACE_NAME;
> this.namespaceAsString =
> NamespaceDescriptor.SYSTEM_NAMESPACE_NAME_STR;
> this.systemTable = true;
> }
> {code}
>
> And we treat system table and normal table differently.
> For example, https://issues.apache.org/jira/browse/HBASE-14257 will flush
> fast if table belong to system table.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
