[jira] [Commented] (HBASE-6253) isLegalTableName API should check for the _acl_ table name
[ https://issues.apache.org/jira/browse/HBASE-6253?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13398583#comment-13398583 ] Zhihong Ted Yu commented on HBASE-6253: --- Have you run all security related tests ? With this patch, how would _acl_ table be created on a clean cluster ? isLegalTableName API should check for the _acl_ table name -- Key: HBASE-6253 URL: https://issues.apache.org/jira/browse/HBASE-6253 Project: HBase Issue Type: Bug Affects Versions: 0.94.0 Reporter: Gopinathan A Fix For: 0.94.1 Attachments: HBASE-6253.patch Currently HTableDescriptor.isLegalTableName API doesn't check for the _acl_ table name, due to this user can able to disable/enable/drop/create the acl table. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HBASE-6253) isLegalTableName API should check for the _acl_ table name
[
https://issues.apache.org/jira/browse/HBASE-6253?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13398649#comment-13398649
]
ramkrishna.s.vasudevan commented on HBASE-6253:
---
@Ted
{code}
if (!MetaReader.tableExists(master.getCatalogTracker(),
ACL_TABLE_NAME_STR)) {
master.createTable(ACL_TABLEDESC, null);
}
{code}
The acl creation goes thro' master.createTable. So it should be ok.
isLegalTableName API should check for the _acl_ table name
--
Key: HBASE-6253
URL: https://issues.apache.org/jira/browse/HBASE-6253
Project: HBase
Issue Type: Bug
Affects Versions: 0.94.0
Reporter: Gopinathan A
Fix For: 0.94.1
Attachments: HBASE-6253.patch
Currently HTableDescriptor.isLegalTableName API doesn't check for the _acl_
table name, due to this user can able to disable/enable/drop/create the acl
table.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HBASE-6253) isLegalTableName API should check for the _acl_ table name
[ https://issues.apache.org/jira/browse/HBASE-6253?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13398656#comment-13398656 ] Gopinathan A commented on HBASE-6253: - Sorry Ted.. I have not run the Security related tests. Your right acl table creation will be failed in this case :( My main intention to avoid user to perform disable/drop acl table. I think we can set setMetaFlags as true in HTableDescriptor constructor for _acl_ table also (like ROOT META). This will solve the table creation problem. isLegalTableName API should check for the _acl_ table name -- Key: HBASE-6253 URL: https://issues.apache.org/jira/browse/HBASE-6253 Project: HBase Issue Type: Bug Affects Versions: 0.94.0 Reporter: Gopinathan A Fix For: 0.94.1 Attachments: HBASE-6253.patch Currently HTableDescriptor.isLegalTableName API doesn't check for the _acl_ table name, due to this user can able to disable/enable/drop/create the acl table. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HBASE-6253) isLegalTableName API should check for the _acl_ table name
[ https://issues.apache.org/jira/browse/HBASE-6253?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13398658#comment-13398658 ] Andrew Purtell commented on HBASE-6253: --- How can a user drop the ACL table if they are not authorized to do it? The string _acl_ as table name has no meaning unless the AccessController is installed. So -1 a core change that encodes it. isLegalTableName API should check for the _acl_ table name -- Key: HBASE-6253 URL: https://issues.apache.org/jira/browse/HBASE-6253 Project: HBase Issue Type: Bug Affects Versions: 0.94.0 Reporter: Gopinathan A Fix For: 0.94.1 Attachments: HBASE-6253.patch Currently HTableDescriptor.isLegalTableName API doesn't check for the _acl_ table name, due to this user can able to disable/enable/drop/create the acl table. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HBASE-6253) isLegalTableName API should check for the _acl_ table name
[ https://issues.apache.org/jira/browse/HBASE-6253?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13398694#comment-13398694 ] Gopinathan A commented on HBASE-6253: - I felt even authorized user should not able to perform disable/drop operation. isLegalTableName API should check for the _acl_ table name -- Key: HBASE-6253 URL: https://issues.apache.org/jira/browse/HBASE-6253 Project: HBase Issue Type: Bug Affects Versions: 0.94.0 Reporter: Gopinathan A Fix For: 0.94.1 Attachments: HBASE-6253.patch Currently HTableDescriptor.isLegalTableName API doesn't check for the _acl_ table name, due to this user can able to disable/enable/drop/create the acl table. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HBASE-6253) isLegalTableName API should check for the _acl_ table name
[ https://issues.apache.org/jira/browse/HBASE-6253?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13398695#comment-13398695 ] Andrew Purtell commented on HBASE-6253: --- -1 any core code change here. Protect against the drop in the AccessController. isLegalTableName API should check for the _acl_ table name -- Key: HBASE-6253 URL: https://issues.apache.org/jira/browse/HBASE-6253 Project: HBase Issue Type: Bug Affects Versions: 0.94.0 Reporter: Gopinathan A Fix For: 0.94.1 Attachments: HBASE-6253.patch Currently HTableDescriptor.isLegalTableName API doesn't check for the _acl_ table name, due to this user can able to disable/enable/drop/create the acl table. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HBASE-6253) isLegalTableName API should check for the _acl_ table name
[ https://issues.apache.org/jira/browse/HBASE-6253?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13399057#comment-13399057 ] Gopinathan A commented on HBASE-6253: - I agree with your point. I will rework on this patch. isLegalTableName API should check for the _acl_ table name -- Key: HBASE-6253 URL: https://issues.apache.org/jira/browse/HBASE-6253 Project: HBase Issue Type: Bug Affects Versions: 0.94.0 Reporter: Gopinathan A Fix For: 0.94.1 Attachments: HBASE-6253.patch Currently HTableDescriptor.isLegalTableName API doesn't check for the _acl_ table name, due to this user can able to disable/enable/drop/create the acl table. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira
