[ 
https://issues.apache.org/jira/browse/HBASE-10322?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13875068#comment-13875068
 ] 

Andrew Purtell commented on HBASE-10322:
----------------------------------------

Agree.

The goal is to prevent sensitive tags from going to clients who are not 
supposed to see them. This is blocking the 0.98 RC.

Checking on a per cell basis is going to hurt performance. Massaging cell data 
on a per cell basis e.g. copying, will kill performance. We need some global 
decision per connection.

Earlier we explored per-connection negotiation ideas on another JIRA but didn't 
come to a satisfactory resolution. 

Now we want to do the simplest thing possible. There is no need to handle tags 
in cell serialization for RPC. (Except! Replication! - Thanks [~anoop.hbase].) 
Cell ACLs and visibility expressions are shipped server side in operation 
attributes. Tag persistence with HFile v3 is all set. Tag persistence in the 
WAL uses "WAL codecs" which are only applied server side. 

We need an answer for replication though. My thinking is since we set up RPC 
for replication specially in the sink and source code, and replication is a 
server to server thing - or at least we can say replication is "privileged" - 
it should be ok to add a tag capable codec for replication, but have it not be 
the default. We can tell users that replication will be compatible between 0.96 
and 0.98 as long as you don't use cell tags. If you do start using the 0.98 
features which require cell tags, then your replication endpoints must all be 
upgraded to 0.98 first, and you must change a configuration setting. 

> Strip tags from KV while sending back to client on reads
> --------------------------------------------------------
>
>                 Key: HBASE-10322
>                 URL: https://issues.apache.org/jira/browse/HBASE-10322
>             Project: HBase
>          Issue Type: Bug
>    Affects Versions: 0.98.0
>            Reporter: Anoop Sam John
>            Assignee: Anoop Sam John
>            Priority: Blocker
>             Fix For: 0.98.0, 0.99.0
>
>         Attachments: HBASE-10322.patch, HBASE-10322_V2.patch
>
>
> Right now we have some inconsistency wrt sending back tags on read. We do 
> this in scan when using the Java client (Codec based cell block encoding). But 
> during a Get operation or when a pure PB based Scan comes we are not sending 
> back the tags. So we have to do one of the fixes below:
> 1. Send back tags in the missing cases also. But sending back the visibility 
> expression / cell ACL is not correct.
> 2. Don't send back tags in any case. This will be a problem when a tool like 
> ExportTool uses the scan to export the table data. We will miss exporting the 
> cell visibility/ACL.
> 3. Send back tags based on some condition. It has to be on a per scan basis. 
> The simplest way is to pass some kind of attribute in Scan which says whether to 
> send back tags or not. But believing whatever the scan specifies might not 
> be correct IMO. Then comes the way of checking the user who is doing the 
> scan. Only when an HBase super user is doing the scan, send back tags. So 
> when a case like the Export Tool's comes, the execution should happen from a super 
> user.
> So IMO we should go with #3.
> Patch coming soon.



--
This message was sent by Atlassian JIRA
(v6.1.5#6160)
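
The per-connection codec choice discussed in the comment above, sketched as an added example (not HBase code and not from either patch). All names are hypothetical, and the byte layout is a simplified stand-in, not HBase's wire format. The codec is picked once at connection setup, so ordinary clients never receive tag bytes, while a replication peer gets them only when the non-default setting is on.

```python
import struct
from dataclasses import dataclass

@dataclass(frozen=True)
class Cell:
    key: bytes
    value: bytes
    tags: bytes = b""  # opaque tag bytes (cell ACL / visibility expression)

def encode_plain(cell):
    # Length-prefixed key and value only; tag bytes are never written.
    return struct.pack(">II", len(cell.key), len(cell.value)) + cell.key + cell.value

def encode_with_tags(cell):
    # Same layout followed by a 2-byte tag length and the tag bytes.
    return encode_plain(cell) + struct.pack(">H", len(cell.tags)) + cell.tags

def decode(buf, with_tags):
    # Both ends must agree on the codec: the stream does not describe itself.
    cells, off = [], 0
    while off < len(buf):
        klen, vlen = struct.unpack_from(">II", buf, off)
        off += 8
        key, value = buf[off:off + klen], buf[off + klen:off + klen + vlen]
        off += klen + vlen
        tags = b""
        if with_tags:
            (tlen,) = struct.unpack_from(">H", buf, off)
            tags = buf[off + 2:off + 2 + tlen]
            off += 2 + tlen
        cells.append(Cell(key, value, tags))
    return cells

class Connection:
    """The codec is fixed once per connection, not re-decided per cell."""
    def __init__(self, is_replication_peer, tag_codec_enabled=False):
        # Assumption: tag_codec_enabled models the non-default configuration
        # setting that every replication endpoint must switch on together.
        self.with_tags = is_replication_peer and tag_codec_enabled
        self._encode = encode_with_tags if self.with_tags else encode_plain

    def send(self, cells):
        return b"".join(self._encode(c) for c in cells)

# Constructed sample cells; the tag content is made up for illustration.
CELLS = [Cell(b"row1/cf:q", b"v1", b"vis:SECRET"), Cell(b"row2/cf:q", b"v2")]

if __name__ == "__main__":
    client = Connection(is_replication_peer=False)
    peer = Connection(is_replication_peer=True, tag_codec_enabled=True)
    print(b"SECRET" in client.send(CELLS), b"SECRET" in peer.send(CELLS))
```

Decoding a tag-carrying stream with the plain decoder misparses every cell after the first, which is why mixed-version replication only works while no cell tags are in use.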
