Thanks Chris, very good information, it helps. Thanks Raghu
On Tue, May 21, 2013 at 2:35 PM, Chris Nauroth <cnaur...@hortonworks.com>wrote: > Hi Raghu, > > I'm aware of no immediate plans to eliminate this property, but HDFS-2856 > will change the security design on the protocol between HDFS client and > datanode such that secure datanodes will not require a privileged port, and > thus you won't need this configuration property. HDFS-2856 is still under > design review. > > https://issues.apache.org/jira/browse/HDFS-2856 > > Please note that ignore.secure.ports.for.testing is not suitable for > running a secure production cluster. It opens a risk of a rogue map or > reduce task binding to the datanode's RPC port, impersonating a legitimate > datanode, and stealing secrets or sensitive data. (That jira includes a > full description of the attack vector if you're interested.) > > I hope this helps. Thanks! > > Chris Nauroth > Hortonworks > http://hortonworks.com/ > > > > On Tue, May 21, 2013 at 12:24 PM, Raghu Doppalapudi > <raghu.hb...@gmail.com>wrote: > > > I am starting datanode in secure mode on higher default ports by > overriding > > the following property. > > > > <property> > > <name>ignore.secure.ports.for.testing</name> > > <value>true</value> > > </property> > > > > Is this property going to be a permanent one, please suggest whether this > > property good to use, I just want to check whether this is temporary or > > permanent property. > > > > Thanks > > >
