[jira] [Commented] (HBASE-11127) Move security features into core
[
https://issues.apache.org/jira/browse/HBASE-11127?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14017923#comment-14017923
]
Andrew Purtell commented on HBASE-11127:
On HBASE-10646 and
https://issues.apache.org/jira/browse/HBASE-10646?focusedCommentId=14017200page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-14017200
[~ishanc] said:
{quote}
Will main RPCs like Get, Put, etc (apart from the admin RPCs) also be secured
after that change? Any extra overhead in these RPCs would be unacceptable in
our use case.
{quote}
In the context of the discussion on this issue, the answer I think must be yes.
We split out the security components and in fact developed the coprocessor
framework exactly so security would not add overhead in response processing if
security features were not required. (Strictly speaking each coprocessor hook
adds ~100ns but that is unavoidable and we take great care to limit the number
of hook sites in hot code.)
Move security features into core
Key: HBASE-11127
URL: https://issues.apache.org/jira/browse/HBASE-11127
Project: HBase
Issue Type: Improvement
Reporter: Andrew Purtell
HBASE-11126 mentions concurrency issues we are running into as the security
code increases in sophistication, due to current placement of coprocessor
hooks, and proposes a solution to those issues with the expectation that
security code remains outside of core in coprocessors. However, as an
alternative we could consider moving all AccessController and
VisibilityController related code into core. Worth discussing?
--
This message was sent by Atlassian JIRA
(v6.2#6252)
[jira] [Commented] (HBASE-11127) Move security features into core
[ https://issues.apache.org/jira/browse/HBASE-11127?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13998990#comment-13998990 ] Jerry He commented on HBASE-11127: -- Sounds good! Some additional suggestions: 1. We probably wan to have security controller flexibility and plug-ability. For example, elevate an interface/abstract class framework of its own. The current controller implementations are default. 2. Split the controller into master side and region server. The current AccessController contains everything, which seems to be crowded. Move security features into core Key: HBASE-11127 URL: https://issues.apache.org/jira/browse/HBASE-11127 Project: HBase Issue Type: Improvement Reporter: Andrew Purtell HBASE-11126 mentions concurrency issues we are running into as the security code increases in sophistication, due to current placement of coprocessor hooks, and proposes a solution to those issues with the expectation that security code remains outside of core in coprocessors. However, as an alternative we could consider moving all AccessController and VisibilityController related code into core. Worth discussing? -- This message was sent by Atlassian JIRA (v6.2#6252)
[jira] [Commented] (HBASE-11127) Move security features into core
[ https://issues.apache.org/jira/browse/HBASE-11127?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13998399#comment-13998399 ] Andrew Purtell commented on HBASE-11127: I think we can get a shippable result fairly quickly by calling into the existing security package code from sites near the current coprocessor hooks. We can then refactor further without disturbing functionality or API through the lifetime of 1.0. Move security features into core Key: HBASE-11127 URL: https://issues.apache.org/jira/browse/HBASE-11127 Project: HBase Issue Type: Improvement Reporter: Andrew Purtell HBASE-11126 mentions concurrency issues we are running into as the security code increases in sophistication, due to current placement of coprocessor hooks, and proposes a solution to those issues with the expectation that security code remains outside of core in coprocessors. However, as an alternative we could consider moving all AccessController and VisibilityController related code into core. Worth discussing? -- This message was sent by Atlassian JIRA (v6.2#6252)
[jira] [Commented] (HBASE-11127) Move security features into core
[ https://issues.apache.org/jira/browse/HBASE-11127?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13998125#comment-13998125 ] Jerry He commented on HBASE-11127: -- Good alternative. Security needs a dedicated place. Move security features into core Key: HBASE-11127 URL: https://issues.apache.org/jira/browse/HBASE-11127 Project: HBase Issue Type: Improvement Reporter: Andrew Purtell HBASE-11126 mentions concurrency issues we are running into as the security code increases in sophistication, due to current placement of coprocessor hooks, and proposes a solution to those issues with the expectation that security code remains outside of core in coprocessors. However, as an alternative we could consider moving all AccessController and VisibilityController related code into core. Worth discussing? -- This message was sent by Atlassian JIRA (v6.2#6252)
