Behavior change in Access Controller between 0.94 and 0.98

2014-04-24 Thread Vandana Ayyalasomayajula
Hi All, We have seen a behavior change in the manner AccessController blocks unauthorized users between 0.94 and 0.98. In 0.98, if an unauthorized user tried to perform GET, SCAN, empty results are returned, whereas the same operations in 0.94 used to throw access denied exceptions. Is this a

[jira] [Created] (HBASE-11067) HBase cannot build against Hadoop branch-2

2014-04-24 Thread Fengdong Yu (JIRA)
Fengdong Yu created HBASE-11067: --- Summary: HBase cannot build against Hadoop branch-2 Key: HBASE-11067 URL: https://issues.apache.org/jira/browse/HBASE-11067 Project: HBase Issue Type: Bug

[jira] [Created] (HBASE-11068) Update code to use Admin factory method instead of constructor

2014-04-24 Thread Carter (JIRA)
Carter created HBASE-11068: -- Summary: Update code to use Admin factory method instead of constructor Key: HBASE-11068 URL: https://issues.apache.org/jira/browse/HBASE-11068 Project: HBase Issue Typ

Re: Behavior change in Access Controller between 0.94 and 0.98

2014-04-24 Thread Andrew Purtell
This is an intended change that was done as part of introducing cell ACLs. Otherwise we can't support use cases where the user has no authorization on the table or CF level but cell ACLs grant exceptional access. It also brings the AccessController behavior in line with the new VisibilityController

Re: Behavior change in Access Controller between 0.94 and 0.98

2014-04-24 Thread Todd Lipcon
Does this leave us open to leaking row existence due to timing differences? For example, imagine you had a table where I happened to know (e.g., from reading your design docs on the wiki) that the key is made up of social security numbers. If I wanted to come up with a list of valid SSNs, I could iss

[jira] [Resolved] (HBASE-11066) HBase client could not add resource from hbase-site.xml

2014-04-24 Thread Andrew Purtell (JIRA)
[ https://issues.apache.org/jira/browse/HBASE-11066?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Andrew Purtell resolved HBASE-11066. Resolution: Invalid HBaseConfiguration loads hbase-site.xml from the expected location alr

Re: [VOTE] The 1st hbase 0.94.19 release candidate is available for download

2014-04-24 Thread Jean-Marc Spaggiari
So. I'm done with my heavy duty release test for 0.94.19. tl;dr: +1 ;) Here are the details. Downloaded the jar, checked the signature, the CHANGES.txt file, the documentation (random pickup) -> Passed. Run the test suite -> Passed. Tests run: 1550, Failures: 0, Errors: 0, Skipped: 16 [INFO]

[jira] [Created] (HBASE-11069) Decouple region merging from ZooKeeper

2014-04-24 Thread Sergey Soldatov (JIRA)
Sergey Soldatov created HBASE-11069: --- Summary: Decouple region merging from ZooKeeper Key: HBASE-11069 URL: https://issues.apache.org/jira/browse/HBASE-11069 Project: HBase Issue Type: Sub-

Re: Behavior change in Access Controller between 0.94 and 0.98

2014-04-24 Thread Andrew Purtell
> Does this leave us open to leaking row existence due to timing differences?
I think I have to answer yes because we've never considered a defense against this kind of attack against HBase data sources ever. As you say it would depend on schema design. Do you think defending against timing attac

Re: Behavior change in Access Controller between 0.94 and 0.98

2014-04-24 Thread Todd Lipcon
On Thu, Apr 24, 2014 at 10:13 AM, Andrew Purtell wrote: > > Does this leave us open to leaking row existence due to timing > differences? > > I think I have to answer yes because we've never considered a defense > against this kind of attack against HBase data sources ever. As you say it > would d

Re: Behavior change in Access Controller between 0.94 and 0.98

2014-04-24 Thread Andrew Purtell
Thanks. The perspective is valuable. Unfortunately we had to commit these changes to get them reviewed. But we've flagged HFileV3 as experimental through the 0.98 cycle in public comments about 0.98 (blog posts, presentations), and these features all depend on HFileV3, so I think allows us some fr

Re: Behavior change in Access Controller between 0.94 and 0.98

2014-04-24 Thread Vandana Ayyalasomayajula
From the user's end, I think it's better to let them know that they don't have proper authorizations (when they actually don't have), rather than returning empty result. I am in favor of having a setting which restores early access denial. On Apr 24, 2014, at 10:49 AM, Andrew Purtell wrote:

[jira] [Created] (HBASE-11070) [AccessController] Restore early-out access denial if the user has no access at the table or CF level

2014-04-24 Thread Andrew Purtell (JIRA)
Andrew Purtell created HBASE-11070: -- Summary: [AccessController] Restore early-out access denial if the user has no access at the table or CF level Key: HBASE-11070 URL: https://issues.apache.org/jira/browse/HBAS

Re: Behavior change in Access Controller between 0.94 and 0.98

2014-04-24 Thread Andrew Purtell
https://issues.apache.org/jira/browse/HBASE-11070 On Thu, Apr 24, 2014 at 11:12 AM, Vandana Ayyalasomayajula < avand...@yahoo-inc.com> wrote: > From the user's end, I think it's better to let them know that they don't > have proper > authorizations (when they actually don't have), rather than r

[jira] [Created] (HBASE-11071) Abstract HM admin table handlers from ZK

2014-04-24 Thread Mikhail Antonov (JIRA)
Mikhail Antonov created HBASE-11071: --- Summary: Abstract HM admin table handlers from ZK Key: HBASE-11071 URL: https://issues.apache.org/jira/browse/HBASE-11071 Project: HBase Issue Type: Su

[jira] [Created] (HBASE-11072) Abstract WAL splitting from ZK

2014-04-24 Thread Mikhail Antonov (JIRA)
Mikhail Antonov created HBASE-11072: --- Summary: Abstract WAL splitting from ZK Key: HBASE-11072 URL: https://issues.apache.org/jira/browse/HBASE-11072 Project: HBase Issue Type: Sub-task

[jira] [Created] (HBASE-11073) Hide ZooKeeperWatcher and dependent ZK Listeners inside of a consensus impl

2014-04-24 Thread Mikhail Antonov (JIRA)
Mikhail Antonov created HBASE-11073: --- Summary: Hide ZooKeeperWatcher and dependent ZK Listeners inside of a consensus impl Key: HBASE-11073 URL: https://issues.apache.org/jira/browse/HBASE-11073 Pro

Re: [VOTE] The 1st hbase 0.94.19 release candidate is available for download

2014-04-24 Thread lars hofhansl
Wow. Thanks JM! -- Lars From: Jean-Marc Spaggiari To: dev Sent: Thursday, April 24, 2014 10:09 AM Subject: Re: [VOTE] The 1st hbase 0.94.19 release candidate is available for download So. I'm done with my heavy duty release test for 0.94.19. tl;dr: +1 ;)

Re: [VOTE] The 1st hbase 0.94.19 release candidate is available for download

2014-04-24 Thread Jean-Marc Spaggiari
BTW, the integration test finished with 2 errors. Logs are below. Not really sure if they are relevant errors or not. It was running on the 8 nodes cluster. I will re-run that over night on the 4 nodes cluster and see. 14/04/24 14:23:36 INFO mapred.JobClient: Job complete: job_local_0003 14/04/24

[jira] [Created] (HBASE-11074) Have PE emit histogram stats as it runs rather than dump once at end of test

2014-04-24 Thread stack (JIRA)
stack created HBASE-11074: - Summary: Have PE emit histogram stats as it runs rather than dump once at end of test Key: HBASE-11074 URL: https://issues.apache.org/jira/browse/HBASE-11074 Project: HBase