Hi Devs,

As part of access control, read/write to meta table also should be checked
for authorization.
I've seen some scripts also internally invoking flush/compact on .META.

Example: drop table from "HBase shell" invokes flush and compact on .META.

IMO, scripts needs to be corrected. And I don't see need for calling
flush/compact on .META.

Any different opinion?

--
Regards,
Laxman

On Thu, Jun 14, 2012 at 9:39 PM, Laxman <[EMAIL PROTECTED]> wrote:
> As part of access control, read/write to meta table also should be checked
> for authorization.
> I've seen some scripts also internally invoking flush/compact on .META.
>
> Example: drop table from "HBase shell" invokes flush and compact on .META.
>
> IMO, scripts needs to be corrected. And I don't see need for calling
> flush/compact on .META.
>
> Any different opinion?

IMO, this makes sense. However, then the flush+major_compact
invocation must be handled by the master.

Best regards,

   - Andy

Problems worthy of attack prove their worth by hitting back. - Piet
Hein (via Tom White)

+1 on changing the scripts.

Regards
Ram

> -----Original Message-----
> From: Laxman [mailto:[EMAIL PROTECTED]]
> Sent: Friday, June 15, 2012 10:10 AM
> To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
> Subject: [HBase Security] Meta table operations should be authorized
>
> Hi Devs,
>
> As part of access control, read/write to meta table also should be
> checked
> for authorization.
> I've seen some scripts also internally invoking flush/compact on .META.
>
> Example: drop table from "HBase shell" invokes flush and compact on
> .META.
>
> IMO, scripts needs to be corrected. And I don't see need for calling
> flush/compact on .META.
>
> Any different opinion?
>
> --
> Regards,
> Laxman