Andrew Kyle Purtell created HBASE-30130:
-------------------------------------------
Summary: Add a security-model section to the website
Key: HBASE-30130
URL: https://issues.apache.org/jira/browse/HBASE-30130
Project: HBase
Issue Type: Task
Reporter: Andrew Kyle Purtell
Assignee: Andrew Kyle Purtell
Fix For: 4.0.0-alpha-1
Add a "Security Model" page to the Apache HBase website, following the ASF
Security Team's recommendation for projects to document their security
assumptions.
The page defines HBase's trust boundaries, explains that HBase's default
unauthenticated configuration is intended only for development and testing, and
clarifies security expectations for gateway services, coprocessors, web UIs,
and transport encryption. It enumerates what constitutes a valid vulnerability
versus what does not, providing clear guidance for operators, security
researchers, and the ASF Security Team when triaging incoming reports.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
