[
https://issues.apache.org/jira/browse/ACCUMULO-482?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13236653#comment-13236653
]
Aaron Cordova commented on ACCUMULO-482:
----------------------------------------
It was a little hard to understand the problem the way you stated it, but I
think I understand. You mean any part of the keyvalue pair might be sensitive
and need to be protected and the !METADATA table might expose some of those.
So you're saying if a proxy is created you don't want !METADATA entries to be
sent to it, because the way most instances of Accumulo are deployed involves
the Accumulo client being run on a protected machine, i.e. a machine on the
security perimeter that the user can't just examine the memory of.
But I don't think METADATA entries need to be exposed outside the trusted
accumulo client in order for a proxy to work ... one could simply ferry scan
parameters and the resulting keyvalue pairs to and from the client (for
queries).
The proxy could also be configured to simply disallow reading directly from the
!METADATA table. Would that still leave the possibility of sensitive elements
of KeyValue pairs being leaked?
> Add a thrift proxy server
> -------------------------
>
> Key: ACCUMULO-482
> URL: https://issues.apache.org/jira/browse/ACCUMULO-482
> Project: Accumulo
> Issue Type: New Feature
> Reporter: Sapan Shah
> Assignee: Sapan Shah
>
> Add a thrift proxy server to make integration with other languages besides
> Java a bit easier. This should work like
> http://wiki.apache.org/hadoop/Hbase/ThriftApi.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
