Home | About | Sematext search-lucene.com search-hadoop.com
NEW: Monitor These Apps!
elasticsearch, apache solr, apache hbase, hadoop, redis, casssandra, amazon cloudwatch, mysql, memcached, apache kafka, apache zookeeper, apache storm, ubuntu, centOS, red hat, debian, puppet labs, java, senseiDB
 Search Hadoop and all its subprojects:

Switch to Plain View
HDFS >> mail # dev >> Regarding Datanode secure ports


+
Raghu Doppalapudi 2013-05-21, 19:24
Copy link to this message
-
Re: Regarding Datanode secure ports
Hi Raghu,

I'm aware of no immediate plans to eliminate this property, but HDFS-2856
will change the security design on the protocol between HDFS client and
datanode such that secure datanodes will not require a privileged port, and
thus you won't need this configuration property.  HDFS-2856 is still under
design review.

https://issues.apache.org/jira/browse/HDFS-2856

Please note that ignore.secure.ports.for.testing is not suitable for
running a secure production cluster.  It opens a risk of a rogue map or
reduce task binding to the datanode's RPC port, impersonating a legitimate
datanode, and stealing secrets or sensitive data.  (That jira includes a
full description of the attack vector if you're interested.)

I hope this helps.  Thanks!

Chris Nauroth
Hortonworks
http://hortonworks.com/

On Tue, May 21, 2013 at 12:24 PM, Raghu Doppalapudi
<[EMAIL PROTECTED]>wrote:

> I am starting datanode in secure mode on higher default ports by overriding
> the following property.
>
>         <property>
>                 <name>ignore.secure.ports.for.testing</name>
>                 <value>true</value>
>         </property>
>
> Is this property going to be a permanent one, please suggest whether this
> property good to use, I just want to check whether this is temporary or
> permanent property.
>
> Thanks
>
+
Raghu Doppalapudi 2013-05-21, 23:23
NEW: Monitor These Apps!
elasticsearch, apache solr, apache hbase, hadoop, redis, casssandra, amazon cloudwatch, mysql, memcached, apache kafka, apache zookeeper, apache storm, ubuntu, centOS, red hat, debian, puppet labs, java, senseiDB