如何保护客户端与HBase Thrift服务器的连接?
[英]How to secure client connections to an HBase Thrift Server?
问题描述
Anyone who knows the port and host of a HBase Thrift server, and who has access to the network, can access HBase. 
知道HBase Thrift服务器的端口和主机并有权访问网络的任何人都可以访问HBase。 This is a security risk. 这是安全隐患。 How can the client access to the HBase Thrift server be made secure? 如何确保客户端访问HBase Thrift服务器的安全性?
2 个解决方案
解决方案1
1 2016-02-17 07:44:50
You could secure HBase Thrift server setting up authentication via kerberos and then setting this property in hbase-site.xml 您可以保护HBase Thrift服务器通过kerberos设置身份验证,然后在hbase-site.xml中设置此属性。
<name>hbase.thrift.security.qop</name>
<value>auth</value>
http://www.cloudera.com/documentation/enterprise/latest/topics/cdh_sg_hbase_authentication.html http://www.cloudera.com/documentation/enterprise/latest/topics/cdh_sg_hbase_authentication.html
解决方案2
0 2016-02-17 06:00:33
My sysadmin told me that in theory he could install an HBase Thrift Server on one of the Hadoop edge nodes that are blocked off, and only open the port to my server via ACLs. 我的系统管理员告诉我,从理论上讲,他可以在被阻止的Hadoop边缘节点之一上安装HBase Thrift Server,并且仅通过ACL打开到我服务器的端口。 He however has no intention of doing this (and I do not either). 但是,他无意这样做(我也没有)。 As this is not a suitable answer I'll leave the question open. 由于这不是一个合适的答案,因此我将保留这个问题。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.