Dan Burkert has posted comments on this change. Change subject: [docs] Add security guide ......................................................................
Patch Set 2: (30 comments) http://gerrit.cloudera.org:8080/#/c/6479/2/docs/security.adoc File docs/security.adoc: PS2, Line 33: a list of : security features which are known deficiencies in the security capabilities. > a list of known deficiencies in Kudu's security capabilities. Done Line 40: gaining access to Kudu, and securely identifies the connecting user for > user or service Done PS2, Line 41: the purposes of authorization decisions > .. for authorization checks. Done PS2, Line 53: Secure clusters : should > To secure a cluster, always ... Done PS2, Line 65: is able to offer > 1 word - offers Done PS2, Line 77: limited to seven days of validi > rewrite - are only valid for seven days, so that even if a token were compr Done PS2, Line 79: the users of : Kudu > just 'users' Done PS2, Line 80: is able to take > 1 word - takes Done PS2, Line 81: , > remove comma Done PS2, Line 81: needing to communicate > 1 word - communicating Done PS2, Line 108: When `required`, Kudu will reject unencrypted connections. > Does it make sense to mention that connections on the same socket address ( Done PS2, Line 110: Secure clusters : should > To secure a cluster, use .. Done PS2, Line 117: may > can Done PS2, Line 120: `kudu tserver set_flag` > describe this in words rather than just the command. Done PS2, Line 127: Kudu internally > Internally, Kudu has ... Done PS2, Line 128: may not > cannot Done PS2, Line 131: based on > using Done Line 132: one for each of the two levels. Each access control list specifies a comma-separated > .. list 'either' specifies a comma .. Done PS2, Line 138: A > lower case Done PS2, Line 153: included > shown/exposed/divulged? Done PS2, Line 153: row data will : be redacted > Maybe just '... row data is redacted'? Why does it necessary to use the fu Done PS2, Line 153: row data will : be redacted > I meant 'Why is it necessary to use the future tense?' Done PS2, Line 155: will not be redacted > Maybe just 'is not redacted'? Done PS2, Line 155: may > can Done PS2, Line 158: such as `/metrics` : which may be relied upon by monitoring systems to gather metrics data. > such as `/metrics`. Monitoring systems rely on these endpoints to gather me Done PS2, Line 165: data : will be redacted > '... data is redacted ...' ? Done Line 166: will be redacted. This feature can be turned off using the `--redact` flag > by default? Done Line 213: Kudu has a few known security limitations: > Flume? Done PS2, Line 224: The principal must be 'kudu'. > The hard-coded service principal is 'kudu'. That's true, but this is saying that the administrator must use the 'kudu' principal as well. Line 238 > I'm not sure what would be the best way of saying that, but, in short, sinc This is a good point. I'm not 100% sure it's appropriate as a known-issue, since it's by design, and we most likely won't ever change it. -- To view, visit http://gerrit.cloudera.org:8080/6479 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-MessageType: comment Gerrit-Change-Id: Iabf60804975dc105243626be48d3a141c9a4dab5 Gerrit-PatchSet: 2 Gerrit-Project: kudu Gerrit-Branch: master Gerrit-Owner: Dan Burkert <[email protected]> Gerrit-Reviewer: Adar Dembo <[email protected]> Gerrit-Reviewer: Alexey Serbin <[email protected]> Gerrit-Reviewer: Ambreen Kazi <[email protected]> Gerrit-Reviewer: Dan Burkert <[email protected]> Gerrit-Reviewer: Hao Hao <[email protected]> Gerrit-Reviewer: Jean-Daniel Cryans <[email protected]> Gerrit-Reviewer: Kudu Jenkins Gerrit-Reviewer: Mike Percy <[email protected]> Gerrit-Reviewer: Todd Lipcon <[email protected]> Gerrit-Reviewer: Will Berkeley <[email protected]> Gerrit-HasComments: Yes
