On 11/14/17 4:54 PM, Mike Drob wrote:
I can see a small section on the documentation update I've already been
hacking on to include details on the issue "We can't help you secure where
you put the data". Given how many instances of "globally readable S3
bucket" I've seen recently, this strikes me as prudent.

I would prefer this to be a giant, hard-to-miss, red letters, all caps
warning; not a small section. I do think it is our responsibility to
tell users how to configure the backup/restore process for communicating
with secure systems. Or, at a minimum, documenting how we pass arbitrary
configuration options that can then be used to communicate with said
systems.

:D

For example, if we support writing backups to S3, then we should have a way
to specify an Auth string and maybe even some of the custom headers like
x-amz-acl. We don't have to explicitly enumerate best practices, but if the
only option is to write to a globally open bucket, then I don't think we
should advertise writing to S3 as an available option.

Similarly, if we tell people that they can send backups to HDFS, then we
should give them the hooks to correctly interface with a kerberized HDFS.

Maybe this is already in the proposed patch, I haven't gone looking yet.

Nope. I actually meant to include this in the patch I re-rolled today but forgot. Let me update once more.

Thanks again, Mike. Good questions/feedback!
