Vandana Ayyalasomayajula created HBASE-7330:
-----------------------------------------------
Summary: Security hooks missing in region server and master APIs.
Key: HBASE-7330
URL: https://issues.apache.org/jira/browse/HBASE-7330
Project: HBase
Issue Type: Umbrella
Components: master, regionserver, security
Affects Versions: 0.94.3, 0.96.0
Reporter: Vandana Ayyalasomayajula
Some of the APIs in Master and Region server are missing hooks to the
coprocessors. So even if security is enabled, an unauthorized user can perform
certain operations.
The following is the list of operations:
1. HMaster.offline()
2. HMaster.getHTableDescriptors()
3. HMaster.getHTableDescriptors(List<String> tableNames)
4. HRegionServer.getRegionInfo()
5. HRegionInterface.getLastFlushTime()
6. HRegionInterface.getStoreFileList(byte[] regionName, byte[] columnFamily)
7. HRegionInterface.getStoreFileList(byte[] regionName, byte[][] columnFamilies)
8. HRegionInterface.getStoreFileList(byte[] regionName
9. HRegionInterface.lockRow(final byte [] regionName, final byte [] row)
10. HRegionInterface.unlockRow(final byte [] regionName, final long lockId)
11. HRegionInterface.getOnlineRegions()
12. HRegionInterface.getHServerInfo()
13. HRegionInterface.replicateLogEntries(HLog.Entry[] entries)
14. HRegionInterface.stop()
15. HRegionInterface.OpenRegions()
16. HRegionInterface.closeRegion()
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
