Re: Behavior change in Access Controller between 0.94 and 0.98

2014-04-24 Thread Andrew Purtell
https://issues.apache.org/jira/browse/HBASE-11070

On Thu, Apr 24, 2014 at 11:12 AM, Vandana Ayyalasomayajula <avand...@yahoo-inc.com> wrote:
> From the user's end, I think it's better to let them know that they don't have proper authorizations (when they actually don't have), rather than r

Re: Behavior change in Access Controller between 0.94 and 0.98

2014-04-24 Thread Vandana Ayyalasomayajula
From the user's end, I think it's better to let them know that they don't have proper authorizations (when they actually don't have), rather than returning empty result. I am in favor of having a setting which restores early access denial.

On Apr 24, 2014, at 10:49 AM, Andrew Purtell wrote:

Re: Behavior change in Access Controller between 0.94 and 0.98

2014-04-24 Thread Andrew Purtell
Thanks. The perspective is valuable. Unfortunately we had to commit these changes to get them reviewed. But we've flagged HFileV3 as experimental through the 0.98 cycle in public comments about 0.98 (blog posts, presentations), and these features all depend on HFileV3, so I think allows us some fr

Re: Behavior change in Access Controller between 0.94 and 0.98

2014-04-24 Thread Todd Lipcon
On Thu, Apr 24, 2014 at 10:13 AM, Andrew Purtell wrote:
> > Does this leave us open to leaking row existence due to timing differences?
>
> I think I have to answer yes because we've never considered a defense against this kind of attack against HBase data sources ever. As you say it would d

Re: Behavior change in Access Controller between 0.94 and 0.98

2014-04-24 Thread Andrew Purtell
> Does this leave us open to leaking row existence due to timing differences?

I think I have to answer yes because we've never considered a defense against this kind of attack against HBase data sources ever. As you say it would depend on schema design. Do you think defending against timing attac

Re: Behavior change in Access Controller between 0.94 and 0.98

2014-04-24 Thread Todd Lipcon
Does this leave us open to leaking row existence due to timing differences? For example, imagine you had a table where I happened to know (e.g. from reading your design docs on the wiki) that the key is made up of social security numbers. If I wanted to come up with a list of valid SSNs, I could iss

Re: Behavior change in Access Controller between 0.94 and 0.98

2014-04-24 Thread Andrew Purtell
This is an intended change that was done as part of introducing cell ACLs. Otherwise we can't support use cases where the user has no authorization on the table or CF level but cell ACLs grant exceptional access. It also brings the AccessController behavior in line with the new VisibilityController