[
https://issues.apache.org/jira/browse/HBASE-14347?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Matteo Bertozzi updated HBASE-14347:
------------------------------------
Resolution: Fixed
Fix Version/s: 0.98.16
1.1.3
1.0.3
1.2.0
2.0.0
Status: Resolved (was: Patch Available)
committed this to 0.98+, so people can use "hbase.dynamic.jars.dir" to limit
the security implication.
over HBASE-14554 we can try revisit the dynamic class loader code, to get rid
of the copy-to-local requirement.
> Add a switch to DynamicClassLoader to disable it
> ------------------------------------------------
>
> Key: HBASE-14347
> URL: https://issues.apache.org/jira/browse/HBASE-14347
> Project: HBase
> Issue Type: Bug
> Components: Client, defaults, regionserver
> Affects Versions: 2.0.0, 1.2.0, 1.1.2, 0.98.15, 1.0.3
> Reporter: Esteban Gutierrez
> Assignee: huaxiang sun
> Fix For: 2.0.0, 1.2.0, 1.0.3, 1.1.3, 0.98.16
>
> Attachments: HBASE-14347-v001.patch
>
>
> Since HBASE-1936 we have the option to load jars dynamically by default from
> HDFS or the local filesystem, however hbase.dynamic.jars.dir points to a
> directory that could be world writable it potentially opens a security
> problem in both the client side and the RS. We should consider to have a
> switch to enable or disable this option and it should be off by default.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
