Home | About | Sematext search-lucene.com search-hadoop.com
NEW: Monitor These Apps!
elasticsearch, apache solr, apache hbase, hadoop, redis, casssandra, amazon cloudwatch, mysql, memcached, apache kafka, apache zookeeper, apache storm, ubuntu, centOS, red hat, debian, puppet labs, java, senseiDB
 Search Hadoop and all its subprojects:

Switch to Threaded View
HDFS >> mail # dev >> Regarding Datanode secure ports


Copy link to this message
-
Re: Regarding Datanode secure ports
Thanks Chris, very good information, it helps.

Thanks
Raghu
On Tue, May 21, 2013 at 2:35 PM, Chris Nauroth <[EMAIL PROTECTED]>wrote:

> Hi Raghu,
>
> I'm aware of no immediate plans to eliminate this property, but HDFS-2856
> will change the security design on the protocol between HDFS client and
> datanode such that secure datanodes will not require a privileged port, and
> thus you won't need this configuration property.  HDFS-2856 is still under
> design review.
>
> https://issues.apache.org/jira/browse/HDFS-2856
>
> Please note that ignore.secure.ports.for.testing is not suitable for
> running a secure production cluster.  It opens a risk of a rogue map or
> reduce task binding to the datanode's RPC port, impersonating a legitimate
> datanode, and stealing secrets or sensitive data.  (That jira includes a
> full description of the attack vector if you're interested.)
>
> I hope this helps.  Thanks!
>
> Chris Nauroth
> Hortonworks
> http://hortonworks.com/
>
>
>
> On Tue, May 21, 2013 at 12:24 PM, Raghu Doppalapudi
> <[EMAIL PROTECTED]>wrote:
>
> > I am starting datanode in secure mode on higher default ports by
> overriding
> > the following property.
> >
> >         <property>
> >                 <name>ignore.secure.ports.for.testing</name>
> >                 <value>true</value>
> >         </property>
> >
> > Is this property going to be a permanent one, please suggest whether this
> > property good to use, I just want to check whether this is temporary or
> > permanent property.
> >
> > Thanks
> >
>
NEW: Monitor These Apps!
elasticsearch, apache solr, apache hbase, hadoop, redis, casssandra, amazon cloudwatch, mysql, memcached, apache kafka, apache zookeeper, apache storm, ubuntu, centOS, red hat, debian, puppet labs, java, senseiDB