You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@hbase.apache.org by "Andrew Purtell (JIRA)" <ji...@apache.org> on 2014/03/01 04:04:19 UTC

[jira] [Comment Edited] (HBASE-10646) Enable security features by default for 1.0

    [ https://issues.apache.org/jira/browse/HBASE-10646?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13916745#comment-13916745 ] 

Andrew Purtell edited comment on HBASE-10646 at 3/1/14 3:03 AM:
----------------------------------------------------------------

This can be an incremental process, with as many steps taken as needed until we are collectively happy with the end state.

The security features can mostly be enabled independently, although most features depend on secure authentication and secure RPC.

For this JIRA, it could be sufficient to enable most of the security features in the default configuration, excepting those which have, due to their nature, a performance consequence. 

Next, we could in addition automatically load the security coprocessors as system coprocessors. Either Java's ServiceLoader or Guice could be employed to this end. I suggest using ServiceLoader in the same manner that Hadoop uses it to load some security service modules, such as token services.

It should still be possible to change site configuration to turn off security features which are not wanted.

Integrating security coprocessors into core code is out of scope here. In my opinion that could be post 1.0 work.


was (Author: apurtell):
This can be an incremental process, with as many steps taken as needed until we are collectively happy with the end state.

Currently, the security features can mostly be enabled independently, although most features depend on secure authentication being turned on.

For this JIRA, it could be sufficient to enable most of the security features in the default configuration, excepting those which have, due to their nature, a performance consequence. 

Next, we could in addition automatically load the security coprocessors as system coprocessors. Either Java's ServiceLoader or Guice could be employed to this end. I suggest using ServiceLoader in the same manner that Hadoop uses it to load some security service modules, such as token services.

It should still be possible to change site configuration to turn off security features which are not wanted.

Integrating security coprocessors into core code is out of scope here. In my opinion that could be post 1.0 work.

> Enable security features by default for 1.0
> -------------------------------------------
>
>                 Key: HBASE-10646
>                 URL: https://issues.apache.org/jira/browse/HBASE-10646
>             Project: HBase
>          Issue Type: Task
>    Affects Versions: 0.99.0
>            Reporter: Andrew Purtell
>            Assignee: Andrew Purtell
>
> As discussed in the last PMC meeting, we should enable security features by default in 1.0.



--
This message was sent by Atlassian JIRA
(v6.1.5#6160)