Amr Awadallah wrote:
I didn't understand usage of "malicuous" here,
but any process using HDFS api should first ask NameNode where the
Rasit,
Matei is referring to fact that a malicious peace of code can bypass the
Name Node and connect to any data node directly, or probe all data nodes for
that matter. There is no strong authentication for RPC at this layer of
HDFS, which is one of the current shortcomings that will be addressed in
hadoop 1.0.
-- amr
This shouldn't be a problem in a locked down datacentre. Where it is a
risk is when you host on EC2 or other Vm-hosting service that doesn't
set up private VPNs
