[
https://issues.apache.org/jira/browse/HBASE-30130?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Andrew Kyle Purtell updated HBASE-30130:
----------------------------------------
Hadoop Flags: Reviewed
Resolution: Fixed
Status: Resolved (was: Patch Available)
> Add a security-model section to the website
> --------------------------------------------
>
> Key: HBASE-30130
> URL: https://issues.apache.org/jira/browse/HBASE-30130
> Project: HBase
> Issue Type: Task
> Reporter: Andrew Kyle Purtell
> Assignee: Andrew Kyle Purtell
> Priority: Major
> Labels: pull-request-available
> Fix For: 4.0.0-alpha-1
>
>
> Add a "Security Model" page to the Apache HBase website, following the ASF
> Security Team's recommendation for projects to document their security
> assumptions.
> The page defines HBase's trust boundaries, explains that HBase's default
> unauthenticated configuration is intended only for development and testing,
> and clarifies security expectations for gateway services, coprocessors, web
> UIs, and transport encryption. It enumerates what constitutes a valid
> vulnerability versus what does not, providing clear guidance for operators,
> security researchers, and the ASF Security Team when triaging incoming
> reports.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
