subject:"Critical security related notice for releases containing HBASE\-19483 \(1.4.1, 1.5.0, 2.0.0\)"

Re: Critical security related notice for releases containing HBASE-19483 (1.4.1, 1.5.0, 2.0.0)

2018-02-22 Thread Ted Yu

bq. only the clusters which need authorization should set this config as
false

Looks like a typo above : 'as true'

Cheers

On Thu, Feb 22, 2018 at 4:01 PM, Apekshit Sharma  wrote:

> Default value for hbase.security.authorization has been changed from true
> to false. Secured clusters should make sure to explicitly set it to true in
> XML configuration file before upgrading to one of these versions. (
> https://issues.apache.org/jira/browse/HBASE-19483)
>
> True as default value of hbase.security.authorization doesn't make any
> sense, since not all clusters need authorization. (History: HBASE-13275
> ) Rather, only the
> clusters which need authorization should set this config as false. Going
> further, setting this config should be single switch to enable/disable
> authorization, conditional on appropriate coprocessors loaded (a condition
> we'll try to remove in future by incorporating access control directly into
> hbase as core feature rather then as coprocessor).
>
> -- Appy
>

Re: Critical security related notice for releases containing HBASE-19483 (1.4.1, 1.5.0, 2.0.0)

2018-02-22 Thread Misty Stanley-Jones

Thanks, Appy. Big thanks for making sure this change was documented during
the patch review, as well! It seems maybe this notice should have gone to
the users@ list, as well.

On Thu, Feb 22, 2018 at 4:02 PM Apekshit Sharma  wrote:

> Default value for hbase.security.authorization has been changed from true
> to false. Secured clusters should make sure to explicitly set it to true in
> XML configuration file before upgrading to one of these versions. (
> https://issues.apache.org/jira/browse/HBASE-19483)
>
> True as default value of hbase.security.authorization doesn't make any
> sense, since not all clusters need authorization. (History: HBASE-13275
> ) Rather, only the
> clusters which need authorization should set this config as false. Going
> further, setting this config should be single switch to enable/disable
> authorization, conditional on appropriate coprocessors loaded (a condition
> we'll try to remove in future by incorporating access control directly into
> hbase as core feature rather then as coprocessor).
>
> -- Appy
>

Critical security related notice for releases containing HBASE-19483 (1.4.1, 1.5.0, 2.0.0)

2018-02-22 Thread Apekshit Sharma

Default value for hbase.security.authorization has been changed from true
to false. Secured clusters should make sure to explicitly set it to true in
XML configuration file before upgrading to one of these versions. (
https://issues.apache.org/jira/browse/HBASE-19483)

True as default value of hbase.security.authorization doesn't make any
sense, since not all clusters need authorization. (History: HBASE-13275
) Rather, only the
clusters which need authorization should set this config as false. Going
further, setting this config should be single switch to enable/disable
authorization, conditional on appropriate coprocessors loaded (a condition
we'll try to remove in future by incorporating access control directly into
hbase as core feature rather then as coprocessor).

-- Appy

Re: Critical security related notice for releases containing HBASE-19483 (1.4.1, 1.5.0, 2.0.0)

Re: Critical security related notice for releases containing HBASE-19483 (1.4.1, 1.5.0, 2.0.0)

Critical security related notice for releases containing HBASE-19483 (1.4.1, 1.5.0, 2.0.0)

3 matches

Site Navigation

Mail list logo

Footer information