On 10/4/08 11:54 PM, "Dmitry Pushkarev" <[EMAIL PROTECTED]> wrote:
> Here is the question: how secure is Hadoop?  (or let's say foolproof)

    I'd hope it was fairly well known that Hadoop is not secure.  At all.

> What we're seeing here is an open Hadoop cluster, where anyone who is capable
> of installing Hadoop and changing his username to webcrawl can use their
> cluster and read their data, even though the firewall is perfectly installed
> and ports like ssh are filtered to outsiders.

    The firewall is likely blocking everything <1024, but making the (bad)
assumption that anything in the ephemeral range is 'safe'.  A common
misconfiguration.

    In any case, the Hadoop ports should be blocked to the outside world.

> Can we propose to developers to introduce some basic user-management and
> access controls to help Hadoop make one step further towards a
> production-quality system?

    https://issues.apache.org/jira/browse/HADOOP-1701 ,
    https://issues.apache.org/jira/browse/HADOOP-1741 ,
    https://issues.apache.org/jira/browse/HADOOP-3854 ,
    https://issues.apache.org/jira/browse/HADOOP-4343 , ...

    amongst others.

> And, by the way, add robots.txt to the default distribution.

    https://issues.apache.org/jira/browse/HADOOP-3397

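Added example, not part of the original message: a small audit of `iptables-save` style INPUT rules showing how a policy that only filters ports below 1024 leaves Hadoop daemon ports reachable from outside, next to a default-drop policy. The port list reflects Hadoop defaults of that era as an assumption (all are configurable), and both rulesets and the 10.0.0.0/8 cluster network are constructed.

```python
import re

# Assumed default daemon ports; confirm against your own Hadoop configuration.
HADOOP_PORTS = {
    50010: "DataNode data transfer", 50020: "DataNode IPC",
    50030: "JobTracker web UI",      50060: "TaskTracker web UI",
    50070: "NameNode web UI",        50075: "DataNode web UI",
}

# Constructed sample: only privileged ports filtered, default policy ACCEPT.
WEAK = """*filter
:INPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 1:1023 -j DROP
COMMIT"""

# Constructed sample: default DROP, Hadoop range open to the cluster network only.
FIXED = """*filter
:INPUT DROP [0:0]
-A INPUT -s 10.0.0.0/8 -p tcp -m tcp --dport 50000:50100 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
COMMIT"""

POLICY = re.compile(r"^:INPUT (ACCEPT|DROP)")
RULE = re.compile(r"^-A INPUT\b(?P<body>.*?)-j (?P<target>ACCEPT|DROP|REJECT)\b")
DPORT = re.compile(r"--dport (\d+)(?::(\d+))?")
# Simplification: rules scoped by source, interface or connection state are
# treated as not matching a new connection from an outside address.
SCOPED = (" -s ", " -i ", "--state", "--ctstate")

def verdict(ruleset, port):
    """First matching INPUT rule wins for a new outside TCP connection."""
    policy = "ACCEPT"
    for line in ruleset.splitlines():
        if (m := POLICY.match(line)):
            policy = m.group(1)
        elif (m := RULE.match(line)):
            body = m.group("body")
            if any(s in body for s in SCOPED):
                continue
            if "-p " in body and "-p tcp" not in body:
                continue
            d = DPORT.search(body)
            low = int(d.group(1)) if d else 1
            high = int(d.group(2) or d.group(1)) if d else 65535
            if low <= port <= high:
                return m.group("target")
    return policy

def exposed(ruleset):
    """Hadoop ports an outside host can reach under this ruleset."""
    return {p: n for p, n in HADOOP_PORTS.items() if verdict(ruleset, p) == "ACCEPT"}
```

Running `exposed()` on the output of `iptables-save` from a cluster edge host gives a quick first check; rules using negation or custom chains need manual review.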