[ https://issues.apache.org/jira/browse/HBASE-16700?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15665402#comment-15665402 ]

Enis Soztutar commented on HBASE-16700:
---------------------------------------

bq. Here I want to allow for whitelisting coprocessors, but as one can always be sneaky (or ignorant) and use someone else's class name in a multi-tenant environment, the only permissioning point I could get a handle on was the filesystem.

I was asking whether we want to do class name white listing on top of path white listing. It should be fine for now.

bq. This ensures one can now use file:/// for whitelisting but no hdfs:/// paths to achieve what you have asked for Phoenix (or any local coprocessors).

I was more thinking of only allowing coprocessors already in the classpath. Phoenix coprocessors are not defined with a path, assuming that they are already under the hbase lib dir. So, not even random stuff from the local file system. If you configure the allowed path to be a non-existing path, for example, you can achieve the effect, but it would be better if there is an easier way. Something like the opposite of a wildcard, which matches no string, so that a user cannot ever dynamically load any coprocessor class.

Can you please also add some doc / javadoc on how to configure this (maybe a couple of examples).

> Allow for coprocessor whitelisting
> ----------------------------------
>
>                 Key: HBASE-16700
>                 URL: https://issues.apache.org/jira/browse/HBASE-16700
>             Project: HBase
>          Issue Type: Improvement
>          Components: Coprocessors
>            Reporter: Clay B.
>            Priority: Minor
>              Labels: security
>         Attachments: HBASE-16700.000.patch, HBASE-16700.001.patch,
> HBASE-16700.002.patch, HBASE-16700.003.patch, HBASE-16700.004.patch,
> HBASE-16700.005.patch
>
>
> Today one can turn off all non-system coprocessors with
> {{hbase.coprocessor.user.enabled}} however, this disables very useful things
> like Apache Phoenix's coprocessors. Some tenants of a multi-user HBase may
> also need to run bespoke coprocessors. But as an operator I would not want
> wanton coprocessor usage.
> Ideally, one could do one of two things:
> * Allow coprocessors defined in {{hbase-site.xml}} -- this can only be
> administratively changed in most cases
> * Allow coprocessors from table descriptors but only if the coprocessor is
> whitelisted

--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
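
The policy discussed in this thread, modelled as an added example; it is not code from the HBASE-16700 patch or from HBase. The class name, the URI-prefix entry syntax, the `*` wildcard and the sample paths are assumptions made for illustration: a coprocessor with no path is treated as already on the classpath, and an empty whitelist is the "matches no string" setting asked for in the comment.

```java
import java.net.URI;
import java.util.List;
import java.util.Objects;

/** Hypothetical model of the policy discussed in this thread; not HBase code. */
public class CoprocessorWhitelistSketch {
    // Assumed syntax: URI prefixes ending in "/", or "*" for any path.
    // An empty list is the "matches no string" setting: nothing loads dynamically.
    private final List<String> allowedPrefixes;

    CoprocessorWhitelistSketch(List<String> allowedPrefixes) {
        this.allowedPrefixes = allowedPrefixes;
    }

    /** jarPath is null when the table descriptor names only a class. */
    boolean isAllowed(String jarPath) {
        if (jarPath == null) return true; // already on the classpath, e.g. Phoenix
        try {
            // Normalise so "cp/../../tmp/x.jar" cannot slip past a prefix check.
            URI jar = URI.create(jarPath).normalize();
            for (String entry : allowedPrefixes) {
                if (entry.equals("*")) return true;
                URI prefix = URI.create(entry);
                // Compare scheme and authority too, so a file:/// entry never
                // admits an hdfs:/// jar that happens to share the same path.
                if (Objects.equals(jar.getScheme(), prefix.getScheme())
                        && Objects.equals(jar.getAuthority(), prefix.getAuthority())
                        && jar.getPath() != null && prefix.getPath() != null
                        && jar.getPath().startsWith(prefix.getPath())) {
                    return true;
                }
            }
        } catch (IllegalArgumentException e) {
            return false; // unparsable path or entry: fail closed
        }
        return false;
    }

    public static void main(String[] args) {
        var localOnly = new CoprocessorWhitelistSketch(List.of("file:///opt/hbase/cp/"));
        var classpathOnly = new CoprocessorWhitelistSketch(List.of());
        String[] constructed = { null, "file:///opt/hbase/cp/tenant.jar",
            "file:///opt/hbase/cp/../../tmp/x.jar", "hdfs:///user/tenant/cp.jar" };
        for (String p : constructed) {
            System.out.printf("%-38s localOnly=%-5b classpathOnly=%b%n",
                p, localOnly.isAllowed(p), classpathOnly.isAllowed(p));
        }
    }
}
```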