Alexey Serbin has posted comments on this change.

Change subject: [docs] Add security guide
......................................................................

Patch Set 2:

(7 comments)

http://gerrit.cloudera.org:8080/#/c/6479/2/docs/security.adoc
File docs/security.adoc:

PS2, Line 108: When `required`, Kudu will reject unencrypted connections.
Does it make sense to mention that connections on the same socket address (basically, connections between components on the same node/host) are not encrypted if --rpc_encrypt_loopback_connections is kept false by default?

PS2, Line 153: included
shown/exposed/divulged?

PS2, Line 153: row data will
             : be redacted
Maybe just '... row data is redacted'? Why is it necessary to use the future tense?

PS2, Line 155: will not be redacted
Maybe just 'is not redacted'?

PS2, Line 165: data
             : will be redacted
'... data is redacted ...' ?

PS2, Line 224: The principal must be 'kudu'.
The hard-coded service principal is 'kudu'.

Line 238
I'm not sure what would be the best way of saying that, but, in short, since the system verifies the authn token only when a new connection is being established, an already opened connection could be used even after the corresponding authn token has expired. Basically, if a client establishes all the necessary connections in the beginning with a then-valid authn token and keeps those established connections open, it can work with the system indefinitely long (well, up to the point when those connections are closed due to restart of Kudu server components).

--
To view, visit http://gerrit.cloudera.org:8080/6479
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings

Gerrit-MessageType: comment
Gerrit-Change-Id: Iabf60804975dc105243626be48d3a141c9a4dab5
Gerrit-PatchSet: 2
Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-Owner: Dan Burkert <[email protected]>
Gerrit-Reviewer: Adar Dembo <[email protected]>
Gerrit-Reviewer: Alexey Serbin <[email protected]>
Gerrit-Reviewer: Ambreen Kazi <[email protected]>
Gerrit-Reviewer: Dan Burkert <[email protected]>
Gerrit-Reviewer: Hao Hao <[email protected]>
Gerrit-Reviewer: Jean-Daniel Cryans <[email protected]>
Gerrit-Reviewer: Kudu Jenkins
Gerrit-Reviewer: Mike Percy <[email protected]>
Gerrit-Reviewer: Todd Lipcon <[email protected]>
Gerrit-Reviewer: Will Berkeley <[email protected]>
Gerrit-HasComments: Yes
