Posted to hdfs-dev@hadoop.apache.org by Raghu Doppalapudi <ra...@gmail.com> on 2013/05/21 21:24:31 UTC

Regarding Datanode secure ports

I am starting datanode in secure mode on higher default ports by overriding
the following property.

        <property>
                <name>ignore.secure.ports.for.testing</name>
                <value>true</value>
        </property>

Is this property going to be a permanent one? Please suggest whether this
property is good to use; I just want to check whether this is a temporary or
permanent property.

Thanks

Re: Regarding Datanode secure ports

Posted by Raghu Doppalapudi <ra...@gmail.com>.
Thanks Chris, very good information, it helps.

Thanks
Raghu


On Tue, May 21, 2013 at 2:35 PM, Chris Nauroth <cn...@hortonworks.com> wrote:

> Hi Raghu,
>
> I'm aware of no immediate plans to eliminate this property, but HDFS-2856
> will change the security design on the protocol between HDFS client and
> datanode such that secure datanodes will not require a privileged port, and
> thus you won't need this configuration property.  HDFS-2856 is still under
> design review.
>
> https://issues.apache.org/jira/browse/HDFS-2856
>
> Please note that ignore.secure.ports.for.testing is not suitable for
> running a secure production cluster.  It opens a risk of a rogue map or
> reduce task binding to the datanode's RPC port, impersonating a legitimate
> datanode, and stealing secrets or sensitive data.  (That jira includes a
> full description of the attack vector if you're interested.)
>
> I hope this helps.  Thanks!
>
> Chris Nauroth
> Hortonworks
> http://hortonworks.com/
>
>
>
> On Tue, May 21, 2013 at 12:24 PM, Raghu Doppalapudi
> <ra...@gmail.com> wrote:
>
> > I am starting datanode in secure mode on higher default ports by overriding
> > the following property.
> >
> >         <property>
> >                 <name>ignore.secure.ports.for.testing</name>
> >                 <value>true</value>
> >         </property>
> >
> > Is this property going to be a permanent one? Please suggest whether this
> > property is good to use; I just want to check whether this is a temporary or
> > permanent property.
> >
> > Thanks
> >
>

Re: Regarding Datanode secure ports

Posted by Chris Nauroth <cn...@hortonworks.com>.
Hi Raghu,

I'm aware of no immediate plans to eliminate this property, but HDFS-2856
will change the security design on the protocol between HDFS client and
datanode such that secure datanodes will not require a privileged port, and
thus you won't need this configuration property.  HDFS-2856 is still under
design review.

https://issues.apache.org/jira/browse/HDFS-2856

Please note that ignore.secure.ports.for.testing is not suitable for
running a secure production cluster.  It opens a risk of a rogue map or
reduce task binding to the datanode's RPC port, impersonating a legitimate
datanode, and stealing secrets or sensitive data.  (That jira includes a
full description of the attack vector if you're interested.)

I hope this helps.  Thanks!

Chris Nauroth
Hortonworks
http://hortonworks.com/



On Tue, May 21, 2013 at 12:24 PM, Raghu Doppalapudi
<ra...@gmail.com> wrote:

> I am starting datanode in secure mode on higher default ports by overriding
> the following property.
>
>         <property>
>                 <name>ignore.secure.ports.for.testing</name>
>                 <value>true</value>
>         </property>
>
> Is this property going to be a permanent one? Please suggest whether this
> property is good to use; I just want to check whether this is a temporary or
> permanent property.
>
> Thanks
>
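
A configuration check for the risk Chris describes, as an added example that is not part of the original thread: it flags the testing override and, on a Kerberos-enabled cluster, datanode listeners on ports of 1024 or above. The keys `hadoop.security.authentication`, `dfs.datanode.address` and `dfs.datanode.http.address` are standard Hadoop names assumed here, the sample XML is constructed, and the port rule assumes the privileged-port design discussed in the thread (before HDFS-2856).

```python
import xml.etree.ElementTree as ET

# Constructed sample configuration (not taken from the thread).
SAMPLE = """<configuration>
  <property><name>hadoop.security.authentication</name><value>kerberos</value></property>
  <property><name>dfs.datanode.address</name><value>0.0.0.0:50010</value></property>
  <property><name>dfs.datanode.http.address</name><value>0.0.0.0:1006</value></property>
  <property><name>ignore.secure.ports.for.testing</name><value>true</value></property>
</configuration>"""

# Datanode listener keys (standard Hadoop names, not mentioned in the thread).
PORT_KEYS = ("dfs.datanode.address", "dfs.datanode.http.address")

def load_props(xml_text):
    """Return {name: value} from a Hadoop *-site.xml document."""
    props = {}
    for prop in ET.fromstring(xml_text).iter("property"):
        name = (prop.findtext("name") or "").strip()
        if name:
            props[name] = (prop.findtext("value") or "").strip()
    return props

def audit(xml_text):
    """List findings for a secure datanode that does not sit on privileged ports."""
    props = load_props(xml_text)
    findings = []
    if props.get("ignore.secure.ports.for.testing", "false").lower() == "true":
        findings.append("ignore.secure.ports.for.testing=true (testing-only override)")
    # The port rule only applies when Kerberos security is switched on.
    if props.get("hadoop.security.authentication", "simple").lower() != "kerberos":
        return findings
    for key in PORT_KEYS:
        port = props.get(key, "").rsplit(":", 1)[-1]
        # Ports below 1024 need root (or an equivalent privilege) to bind.
        if port.isdigit() and int(port) >= 1024:
            findings.append(f"{key} uses unprivileged port {port}")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("FINDING:", finding)
```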