On Wed, Dec 14, 2016 at 1:13 AM, Juan Pablo Briganti < [email protected]> wrote:
> Hi all! > > I can see inside documentation that kudu does not support security or > authentication and also does not support encryption. > That's correct. It's possible to run Kudu on top of a device encrypted by dmcrypt to offer on-disk encryption, but that doesn't provide for wire encryption. > Since I understand kudu is production ready, I wonder how security is > usually managed in production environment for projects using Kudu as > storage. Any recommendation or approach that can suggest to us regarding > security?. > Currently, Kudu is used in production environments with more lax security requirements. For example, in a single-use cluster which is firewalled off from the rest of the organization and only allowed access via a front-end application (eg webapp, etc). Of course, having not authentication or security at all is not an option > for us in our case. > > In that case, the best bet is to provide security at some other layer, and use network isolation to limit access only to the application code, or to wait until Kudu itself as a stronger set of security features. We're currently working on it and hope to have something ready in the coming months. -Todd -- Todd Lipcon Software Engineer, Cloudera
