Posted to dev@hbase.apache.org by Srikanth Srungarapu <sr...@gmail.com> on 2014/09/24 01:39:26 UTC

regarding secure read accesses in 0.98

Hi Folks,
I noticed that within 0.98 branch, the behavior of read accesses depends
on hfile versions. If the user decides to use HFile V3 instead of HFile V2,
then the read actions in case of access denied case start returning 0 rows
instead of throwing AccessDenied exception. Ted mentioned yesterday that
some work has been done in this direction [1], where a flag
"hbase.security.access.early_out" was provided to the user for restoring the
previous behavior. But, this flag does make sense only in the context of user
switching to HFile V3. Is it a better idea to get rid of this dependency on
file versions and present users with a single knob for switching behavior? Or
can we do something about making this more consistent, maybe not immediately,
but for 1.0?
Thanks,
Srikanth.

References:
[1] https://issues.apache.org/jira/browse/HBASE-11070

Re: regarding secure read accesses in 0.98

Posted by Anoop John <an...@gmail.com>.
0.98+ security features give a new feature of more fine-grained access
control at per-cell level. *This can be achieved only when using HFile V3*.
The above-said config gives a way for old behavior even in the context of
new enhancement. And so it makes sense in HFile V3 alone. So what is the
dependency you mean here? Sorry, not getting fully. As long as the user
continues to use HFile V2 (that is the default in 0.98) it will continue
with old ways of early out with Access denied on read reqs.

-Anoop-



On Wed, Sep 24, 2014 at 5:09 AM, Srikanth Srungarapu <sr...@gmail.com>
wrote:

> Hi Folks,
> I noticed that within 0.98 branch, the behavior of read accesses depends
> on hfile versions. If the user decides to use HFile V3 instead of HFile V2,
> then the read actions in case of access denied case start returning 0 rows
> instead of throwing AccessDenied exception. Ted mentioned yesterday that
> some work has been done in this direction [1], where a flag
> "hbase.security.access.early_out" was provided to the user for restoring the
> previous behavior. But, this flag does make sense only in the context of user
> switching to HFile V3. Is it a better idea to get rid of this dependency on
> file versions and present users with a single knob for switching behavior? Or
> can we do something about making this more consistent, maybe not immediately,
> but for 1.0?
> Thanks,
> Srikanth.
>
> References:
> [1] https://issues.apache.org/jira/browse/HBASE-11070
>

Re: regarding secure read accesses in 0.98

Posted by Srikanth Srungarapu <sr...@gmail.com>.
Thanks guys for the inputs. I have created HBASE-12087 for changing the
default setting in 0.98.

On Wed, Sep 24, 2014 at 11:17 AM, Ted Yu <yu...@gmail.com> wrote:

> bq. we could set early out to 'true' as default in 0.98
> +1 from me as well.

Re: regarding secure read accesses in 0.98

Posted by Ted Yu <yu...@gmail.com>.
bq. we could set early out to 'true' as default in 0.98
+1 from me as well.

On Wed, Sep 24, 2014 at 10:17 AM, Anoop John <an...@gmail.com> wrote:

> bq.we could set early out to 'true' as default in 0.98
> (like it is in trunk and branch-1).
>
> +1
>
> -Anoop-

Re: regarding secure read accesses in 0.98

Posted by Anoop John <an...@gmail.com>.
bq.we could set early out to 'true' as default in 0.98
(like it is in trunk and branch-1).

+1

-Anoop-


On Wed, Sep 24, 2014 at 10:20 PM, Andrew Purtell <ap...@apache.org>
wrote:

> As an alternative, we could set early out to 'true' as default in 0.98
> (like it is in trunk and branch-1). I didn't do that before because
> the behavior would be inconsistent with earlier releases, but if the
> consensus is the inconsistency between V2 and V3 is worse, then we
> could easily do that. File a JIRA? Or resurrect HBASE-11077.
>
> --
> Best regards,
>
>    - Andy
>
> Problems worthy of attack prove their worth by hitting back. - Piet
> Hein (via Tom White)
>

Re: regarding secure read accesses in 0.98

Posted by Andrew Purtell <ap...@apache.org>.
As an alternative, we could set early out to 'true' as default in 0.98
(like it is in trunk and branch-1). I didn't do that before because
the behavior would be inconsistent with earlier releases, but if the
consensus is the inconsistency between V2 and V3 is worse, then we
could easily do that. File a JIRA? Or resurrect HBASE-11077.

On Wed, Sep 24, 2014 at 9:46 AM, Andrew Purtell <ap...@apache.org> wrote:
> Yes that is no doubt a wart, but sounds like a doc fix mentioning a
> HFileV3 errata could be a solution.
>
> --
> Best regards,
>
>    - Andy
>
> Problems worthy of attack prove their worth by hitting back. - Piet
> Hein (via Tom White)



-- 
Best regards,

   - Andy

Problems worthy of attack prove their worth by hitting back. - Piet
Hein (via Tom White)

Re: regarding secure read accesses in 0.98

Posted by Andrew Purtell <ap...@apache.org>.
Yes that is no doubt a wart, but sounds like a doc fix mentioning a
HFileV3 errata could be a solution.

On Wed, Sep 24, 2014 at 7:19 AM, Matteo Bertozzi
<th...@gmail.com> wrote:
> the problem is this:
>  - 98 with default early out = false and hfile v2 will always give the
> "Permission Denied" instead of the "0 rows" that you expect since the early
> out is false
>  - 98 with default early out = false and hfile v3 will always give the "0
> rows"
>
> Matteo



-- 
Best regards,

   - Andy

Problems worthy of attack prove their worth by hitting back. - Piet
Hein (via Tom White)

Re: regarding secure read accesses in 0.98

Posted by Matteo Bertozzi <th...@gmail.com>.
the problem is this:
 - 98 with default early out = false and hfile v2 will always give the
"Permission Denied" instead of the "0 rows" that you expect since the early
out is false
 - 98 with default early out = false and hfile v3 will always give the "0
rows"

Matteo


On Tue, Sep 23, 2014 at 10:36 PM, Andrew Purtell <ap...@apache.org>
wrote:

> We've already done what you suggest for 1.0 Srikanth. We didn't do it
> for 0.98 because the new behavior for V3 was already present in
> earlier minor releases.
>
> --
> Best regards,
>
>    - Andy
>
> Problems worthy of attack prove their worth by hitting back. - Piet
> Hein (via Tom White)
>

Re: regarding secure read accesses in 0.98

Posted by Andrew Purtell <ap...@apache.org>.
We've already done what you suggest for 1.0 Srikanth. We didn't do it
for 0.98 because the new behavior for V3 was already present in
earlier minor releases.

On Tue, Sep 23, 2014 at 4:39 PM, Srikanth Srungarapu
<sr...@gmail.com> wrote:
> Hi Folks,
> I noticed that within 0.98 branch, the behavior of read accesses depends
> on hfile versions. If the user decides to use HFile V3 instead of HFile V2,
> then the read actions in case of access denied case start returning 0 rows
> instead of throwing AccessDenied exception. Ted mentioned yesterday that
> some work has been done in this direction [1], where a flag
> "hbase.security.access.early_out" was provided to the user for restoring the
> previous behavior. But, this flag does make sense only in the context of user
> switching to HFile V3. Is it a better idea to get rid of this dependency on
> file versions and present users with a single knob for switching behavior? Or
> can we do something about making this more consistent, maybe not immediately,
> but for 1.0?
> Thanks,
> Srikanth.
>
> References:
> [1] https://issues.apache.org/jira/browse/HBASE-11070



-- 
Best regards,

   - Andy

Problems worthy of attack prove their worth by hitting back. - Piet
Hein (via Tom White)
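
Added example (not part of the thread and not HBase code): a small Python check that reads an hbase-site.xml and reports how a read without table/family permission will be answered, following the behavior and the 0.98 defaults described in the messages above. The function names and the sample configurations are constructed for illustration; hfile.format.version is the HBase property that selects the HFile version.

```python
import xml.etree.ElementTree as ET

# Defaults for the 0.98 branch as stated in the thread: HFile V2 and
# early_out = false (trunk and branch-1 default early_out to true).
DEFAULTS_098 = {
    "hfile.format.version": "2",
    "hbase.security.access.early_out": "false",
}

def load_site(xml_text):
    """Parse Hadoop-style <configuration><property> XML into a dict."""
    props = {}
    for prop in ET.fromstring(xml_text).iter("property"):
        name = (prop.findtext("name") or "").strip()
        if name:
            props[name] = (prop.findtext("value") or "").strip()
    return props

def denied_read_outcome(site, defaults=DEFAULTS_098):
    """How a read lacking table/family permission is answered, per the thread."""
    merged = {**defaults, **site}
    version = int(merged["hfile.format.version"])
    early_out = merged["hbase.security.access.early_out"].lower() == "true"
    # V2 has no cell-level access control, so the request is rejected up front.
    # V3 rejects up front only when early_out is true; otherwise the read is
    # evaluated at cell level and the client just sees an empty result.
    if version < 3 or early_out:
        return "AccessDeniedException"
    return "0 rows"

def audit(xml_text, defaults=DEFAULTS_098):
    """Return (outcome, warnings) for one hbase-site.xml."""
    site = load_site(xml_text)
    outcome = denied_read_outcome(site, defaults)
    warnings = []
    if outcome == "0 rows":
        warnings.append("denied reads return empty results, not an error; "
                        "clients cannot tell 'no data' from 'no permission'")
    if "hbase.security.access.early_out" not in site:
        warnings.append("early_out not set explicitly; behavior follows the "
                        "release default and can change on upgrade")
    return outcome, warnings

# Constructed sample configurations (not taken from any real cluster).
SITE_V3_IMPLICIT = """<configuration>
  <property><name>hfile.format.version</name><value>3</value></property>
</configuration>"""

SITE_V3_PINNED = """<configuration>
  <property><name>hfile.format.version</name><value>3</value></property>
  <property><name>hbase.security.access.early_out</name><value>true</value></property>
</configuration>"""

if __name__ == "__main__":
    for label, xml_text in [("v3 implicit", SITE_V3_IMPLICIT),
                            ("v3 pinned", SITE_V3_PINNED),
                            ("empty", "<configuration/>")]:
        print(label, audit(xml_text))
```

Passing a defaults dict with early_out set to "true" models the trunk and branch-1 default mentioned in the thread.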