- Subscribe to RSS Feed
- Mark Question as New
- Mark Question as Read
- Float this Question for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
HBase end-to-end over the wire encryption
- Labels:
-
Apache HBase
-
Apache Phoenix
Created ‎03-03-2017 07:16 PM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Need to know about:
- 1.communication between RS can be encrypted
- 2.hbase client to ZK
- 3.phoenix jdbc client connection encryption
- 4. within ZK znodes, is there any customer information that needs to be protected
Created ‎03-03-2017 07:24 PM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
#1 See https://hbase.apache.org/book.html#_client_side_configuration_for_secure_operation. Set
hbase.rpc.protection=true
#2 There is no sensitive data that clients read out of ZooKeeper.
#3 I don't know this means. Phoenix uses HBase's RPC mechanism which is already encompassed by #1
#4 No, but HBase already sets up ACLs to protect all information that users should not see/modify. Table data is not stored in ZooKeeper.
Created ‎03-03-2017 07:24 PM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
#1 See https://hbase.apache.org/book.html#_client_side_configuration_for_secure_operation. Set
hbase.rpc.protection=true
#2 There is no sensitive data that clients read out of ZooKeeper.
#3 I don't know this means. Phoenix uses HBase's RPC mechanism which is already encompassed by #1
#4 No, but HBase already sets up ACLs to protect all information that users should not see/modify. Table data is not stored in ZooKeeper.
Created ‎03-03-2017 07:33 PM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
#3.. In this case flume is connecting to HBase via Phoenix JDBC. So the question is if we need to do something for the JDBC connection to secure with SSL..
Created ‎03-03-2017 09:19 PM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Looking at the documentation, the way I understand it is, that Phoenix JDBC driver uses HBase RPC mechanism and like @Josh Elser noted, that's already covered in the secure client side configuration. See this link and notice how JDBC client is actually connected to Zookeeper.
https://streever.atlassian.net/wiki/display/HADOOP/Phoenix+JDBC+Client+Setup
Created ‎03-03-2017 09:39 PM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@Ancil McBarnett HBase doesn't use SSL to protect RPCs
Created ‎03-03-2017 10:47 PM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
ZooKeeper has SSL with Netty. But I am not sure it is tested well. https://cwiki.apache.org/confluence/display/ZOOKEEPER/ZooKeeper+SSL+User+Guide
@Josh, in case of HBase tokens, I think they are stored in ZK. Can this be a concern?
