[
https://issues.apache.org/jira/browse/HBASE-20894?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16548550#comment-16548550
]
Vladimir Rodionov commented on HBASE-20894:
-------------------------------------------
I do not see how protobuf helps here with security and, personally, do not
consider this as a significant security issue for HBase. This can be easily
prevented, by setting right permissions on a file system access, at least in
case of serialized data stored in file system. Again, imho.
If you are looking for perfectly secured java serde library, I do not think it
exists, [~mdrob], otherwise there are a plenty out there, starting with Kryo,
but I do not think that HBase needs new dependency only for BucketCache ser/de
code.
> Move BucketCache from java serialization to protobuf
> ----------------------------------------------------
>
> Key: HBASE-20894
> URL: https://issues.apache.org/jira/browse/HBASE-20894
> Project: HBase
> Issue Type: Task
> Components: BucketCache
> Affects Versions: 2.0.0
> Reporter: Mike Drob
> Priority: Major
> Fix For: 3.0.0
>
> Attachments: HBASE-20894.WIP-2.patch, HBASE-20894.WIP.patch
>
>
> We should use a better serialization format instead of Java Serialization for
> the BucketCache entry persistence.
> Suggested by Chris McCown, who does not appear to have a JIRA account.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
