Reputation: 18289
Anyone who knows the port and host of an HBase Thrift server, and who has access to the network, can access HBase. This is a security risk. How can client access to the HBase Thrift server be made secure?
Upvotes: 1
Views: 1053
Reputation: 12522
You could secure the HBase Thrift server by setting up authentication via Kerberos and then setting this property in hbase-site.xml:
<property>
  <name>hbase.thrift.security.qop</name>
  <value>auth</value>
</property>
http://www.cloudera.com/documentation/enterprise/latest/topics/cdh_sg_hbase_authentication.html
Upvotes: 1
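A way to check an hbase-site.xml for the setting the answer above describes, as an added example that is not part of the original answer or of HBase itself. The sample files are constructed, and the property names other than hbase.thrift.security.qop (hbase.security.authentication, hbase.thrift.keytab.file, hbase.thrift.kerberos.principal) are assumed from the HBase reference guide rather than taken from this page.

```python
import xml.etree.ElementTree as ET

# Values accepted by hbase.thrift.security.qop, weakest to strongest.
QOP_LEVELS = ("auth", "auth-int", "auth-conf")
# Kerberos identity the Thrift gateway needs (assumed property names, see lead-in).
REQUIRED = ("hbase.thrift.keytab.file", "hbase.thrift.kerberos.principal")


def load_properties(xml_text):
    """Return {name: value} from the <property> entries of a Hadoop-style site file."""
    props = {}
    for prop in ET.fromstring(xml_text).iter("property"):
        name = (prop.findtext("name") or "").strip()
        if name:
            props[name] = (prop.findtext("value") or "").strip()
    return props


def audit_thrift_security(xml_text):
    """Return a list of findings; an empty list means every check passed."""
    props = load_properties(xml_text)
    findings = []
    if props.get("hbase.security.authentication", "simple").lower() != "kerberos":
        findings.append("hbase.security.authentication is not 'kerberos'")
    qop = props.get("hbase.thrift.security.qop")
    if qop is None:
        findings.append("hbase.thrift.security.qop is unset: Thrift clients are not authenticated")
    elif qop not in QOP_LEVELS:
        findings.append(f"hbase.thrift.security.qop has unknown value {qop!r}")
    for name in REQUIRED:
        if not props.get(name):
            findings.append(f"{name} is missing or empty")
    return findings


# Constructed sample files (not from a real cluster).
OPEN_SITE = """<configuration>
  <property><name>hbase.regionserver.thrift.port</name><value>9090</value></property>
</configuration>"""
SECURED_SITE = """<configuration>
  <property><name>hbase.security.authentication</name><value>kerberos</value></property>
  <property><name>hbase.thrift.keytab.file</name><value>/etc/hbase/conf/hbase.keytab</value></property>
  <property><name>hbase.thrift.kerberos.principal</name><value>hbase/_HOST@EXAMPLE.COM</value></property>
  <property><name>hbase.thrift.security.qop</name><value>auth</value></property>
</configuration>"""

if __name__ == "__main__":
    for label, text in (("open", OPEN_SITE), ("secured", SECURED_SITE)):
        print(label, audit_thrift_security(text) or "OK")
```

The value auth only authenticates the client; auth-int and auth-conf additionally request integrity and confidentiality protection of the Thrift traffic.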
Reputation: 18289
My sysadmin told me that in theory he could install an HBase Thrift Server on one of the Hadoop edge nodes that are blocked off, and only open the port to my server via ACLs. He, however, has no intention of doing this (and I do not either). As this is not a suitable answer, I'll leave the question open.
Upvotes: 0