Anoop: I think what you describe below is legitimate concern. Can you log a JIRA for this ?
Thanks On Tue, May 22, 2012 at 5:11 AM, Anoop Sam John <[email protected]> wrote: > Hi Devs > In case of secure cluster, we allow the HBase clients to read > the zk nodes by providing the global read permissions to all for certain > nodes. These nodes are the master address znode, root server znode and the > clusterId znode. In ZKUtil.createACL() , we can see these node names are > specially handled. > > > > But there are some other client side admin APIs which makes a read call > into the zookeeper from the client. This include the isTableEnaled() call > (May be some other. I have seen this). Here the client directly reads a > node in the zookeeper ( node created for this table ) and the data is > matched to know whether this is enabled or not. > > Now in secure cluster case any client can read zookeeper nodes which it > needs for its normal operation like the master address and root server > address. But what if the client calls this API? [isTableEnaled () ]. I > think this will be an issue. > > > > -Anoop- > > >
