[jira] [Commented] (HBASE-10646) Enable security features by default for 1.0
[ https://issues.apache.org/jira/browse/HBASE-10646?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14017914#comment-14017914 ] Andrew Purtell commented on HBASE-10646: This JIRA proposes automatically setting up the more complicated piecemeal configurations of security components programmatically based on a single boolean toggle. There would be no more or less overhead than before, it's configuration only changes. There is another JIRA open that considers moving security features from coprocessors into core, that is .HBASE-11127. Your concerns about additional unconditional overhead in operation processing are definitely valid there [~ishanc]. bq. Will main RPCs like Get, Put, etc (apart from the admin RPCs) also be secured after that change? Only if enabled. bq. Also, +1 for a simple security = false option. That is what is proposed on this issue. > Enable security features by default for 1.0 > --- > > Key: HBASE-10646 > URL: https://issues.apache.org/jira/browse/HBASE-10646 > Project: HBase > Issue Type: Task >Affects Versions: 0.99.0 >Reporter: Andrew Purtell > > As discussed in the last PMC meeting, we should enable security features by > default in 1.0. -- This message was sent by Atlassian JIRA (v6.2#6252)
[jira] [Commented] (HBASE-10646) Enable security features by default for 1.0
[ https://issues.apache.org/jira/browse/HBASE-10646?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14017200#comment-14017200 ] Ishan Chhabra commented on HBASE-10646: --- Will main RPCs like Get, Put, etc (apart from the admin RPCs) also be secured after that change? Any extra overhead in these RPCs would be unacceptable in our use case. Also, +1 for a simple security = false option. I believe many users don't need security and any extra overhead (in terms of deployment complexity or runtime overheads) would not be preferable. > Enable security features by default for 1.0 > --- > > Key: HBASE-10646 > URL: https://issues.apache.org/jira/browse/HBASE-10646 > Project: HBase > Issue Type: Task >Affects Versions: 0.99.0 >Reporter: Andrew Purtell > > As discussed in the last PMC meeting, we should enable security features by > default in 1.0. -- This message was sent by Atlassian JIRA (v6.2#6252)
[jira] [Commented] (HBASE-10646) Enable security features by default for 1.0
[ https://issues.apache.org/jira/browse/HBASE-10646?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13994515#comment-13994515 ] Andrew Purtell commented on HBASE-10646: Related to HBASE-11127 > Enable security features by default for 1.0 > --- > > Key: HBASE-10646 > URL: https://issues.apache.org/jira/browse/HBASE-10646 > Project: HBase > Issue Type: Task >Affects Versions: 0.99.0 >Reporter: Andrew Purtell >Assignee: Andrew Purtell > > As discussed in the last PMC meeting, we should enable security features by > default in 1.0. -- This message was sent by Atlassian JIRA (v6.2#6252)
[jira] [Commented] (HBASE-10646) Enable security features by default for 1.0
[ https://issues.apache.org/jira/browse/HBASE-10646?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13920386#comment-13920386 ] Gary Helmling commented on HBASE-10646: --- bq. Can we just have a single security == true or security == false config property? There's a JIRA for that! See HBASE-4817. > Enable security features by default for 1.0 > --- > > Key: HBASE-10646 > URL: https://issues.apache.org/jira/browse/HBASE-10646 > Project: HBase > Issue Type: Task >Affects Versions: 0.99.0 >Reporter: Andrew Purtell >Assignee: Andrew Purtell > > As discussed in the last PMC meeting, we should enable security features by > default in 1.0. -- This message was sent by Atlassian JIRA (v6.2#6252)
[jira] [Commented] (HBASE-10646) Enable security features by default for 1.0
[ https://issues.apache.org/jira/browse/HBASE-10646?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13920370#comment-13920370 ] Andrew Purtell commented on HBASE-10646: bq. Does "merging" the secure rpc into the normal rpc make sense – a negotiation at connection time and a runtime variable that says requires or doesn't require secure rpc The other security features that depend on subject identity not being spoofed won't provide any assurance unless strong authentication is in effect. bq. Can we just have a single security == true or security == false config property? Yes I think that makes sense. It could enable the majority of features. It could enable secure HBase RPC, set up ZooKeeper so we restrict internal znodes with SASL ACLs, and trigger enumeration of security coprocessors to be loaded as system coprocessors, Specifically excluded should be the encrypting WAL writer. By its nature encryption introduces latency, and on the WAL that lowers the ceiling on systemwide write throughput. We can discuss this further on HBASE-10077 and HBASE-10095 maybe. > Enable security features by default for 1.0 > --- > > Key: HBASE-10646 > URL: https://issues.apache.org/jira/browse/HBASE-10646 > Project: HBase > Issue Type: Task >Affects Versions: 0.99.0 >Reporter: Andrew Purtell >Assignee: Andrew Purtell > > As discussed in the last PMC meeting, we should enable security features by > default in 1.0. -- This message was sent by Atlassian JIRA (v6.2#6252)
[jira] [Commented] (HBASE-10646) Enable security features by default for 1.0
[ https://issues.apache.org/jira/browse/HBASE-10646?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13919347#comment-13919347 ] Jonathan Hsieh commented on HBASE-10646: bq. The security features can mostly be enabled independently, although most features depend on secure authentication and secure RPC. My understanding is that secure rpc is a separate implementation from the normal rpc today. Does "merging" the secure rpc into the normal rpc make sense -- a negotiation at connection time and a runtime variable that says requires or doesn't require secure rpc? bq. For this JIRA, it could be sufficient to enable most of the security features in the default configuration, excepting those which have, due to their nature, a performance consequence. Can we just have a single security == true or security == false config property? For snapshots we added so that users only had to set that -- all the various plugins required for it to work got added when snapshots.enabled was set to true. > Enable security features by default for 1.0 > --- > > Key: HBASE-10646 > URL: https://issues.apache.org/jira/browse/HBASE-10646 > Project: HBase > Issue Type: Task >Affects Versions: 0.99.0 >Reporter: Andrew Purtell >Assignee: Andrew Purtell > > As discussed in the last PMC meeting, we should enable security features by > default in 1.0. -- This message was sent by Atlassian JIRA (v6.2#6252)
[jira] [Commented] (HBASE-10646) Enable security features by default for 1.0
[ https://issues.apache.org/jira/browse/HBASE-10646?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13916745#comment-13916745 ] Andrew Purtell commented on HBASE-10646: This can be an incremental process, with as many steps taken as needed until we are collectively happy with the end state. Currently, the security features can mostly be enabled independently, although most features depend on secure authentication being turned on. For this JIRA, it could be sufficient to enable most of the security features in the default configuration, excepting those which have, due to their nature, a performance consequence. Next, we could in addition automatically load the security coprocessors as system coprocessors. Either Java's ServiceLoader or Guice could be employed to this end. I suggest using ServiceLoader in the same manner that Hadoop uses it to load some security service modules, such as token services. It should still be possible to change site configuration to turn off security features which are not wanted. Integrating security coprocessors into core code is out of scope here. In my opinion that could be post 1.0 work. > Enable security features by default for 1.0 > --- > > Key: HBASE-10646 > URL: https://issues.apache.org/jira/browse/HBASE-10646 > Project: HBase > Issue Type: Task >Affects Versions: 0.99.0 >Reporter: Andrew Purtell >Assignee: Andrew Purtell > > As discussed in the last PMC meeting, we should enable security features by > default in 1.0. -- This message was sent by Atlassian JIRA (v6.1.5#6160)