HBase favicon

Apache HBase

Security

Comprehensive guide to securing Apache HBase, including authentication, authorization, encryption, and access control mechanisms.

Reporting Security Bugs

HBase adheres to the Apache Software Foundation's policy on reported vulnerabilities, available at http://apache.org/security/.

If you wish to send an encrypted report, you can use the GPG details provided for the general ASF security list. This will likely increase the response time to your report.

To protect existing HBase installations from exploitation, please do not use JIRA to report security-related bugs. Instead, send your report to the mailing list private@hbase.apache.org, which allows anyone to send messages, but restricts who can read them. Someone on that list will contact you to follow up on your report.

In this section:

Web UI Security

HBase provides mechanisms to secure various components and aspects of HBase and how it relates to the rest of the Hadoop infrastructure, as well as clients and resources outside Hadoop.

Secure Client Access to Apache HBase

Configuring Kerberos-based secure authentication for HBase clients, including server and client setup procedures.

Simple User Access to Apache HBase

Setting up simple SASL authentication for HBase clients without Kerberos, using username/password-based access control.

Transport Level Security (TLS) in HBase RPC communication

Configuring TLS encryption for secure HBase client-server and Master-RegionServer communication without downtime.

Securing Access to HDFS and ZooKeeper

Secure HBase requires secure ZooKeeper and HDFS so that users cannot access and/or modify the metadata and data from under HBase. HBase uses HDFS (or configured file system) to keep its data files as well as write ahead logs (WALs) and other data. HBase uses ZooKeeper to store some metadata for operations (master address, table locks, recovery state, etc).

Securing Access To Your Data

Role-based access control (RBAC), visibility labels, and data encryption strategies for securing HBase data at rest and in transit.

Security Configuration Example

This configuration example includes support for HFile v3, ACLs, Visibility Labels, and transparent encryption of data at rest and the WAL. All options have been discussed separately in the sections above.
Edit on GitHub

HBase and MapReduce

Guide to using Apache HBase with MapReduce including configuration, examples, and best practices.

Web UI Security

HBase provides mechanisms to secure various components and aspects of HBase and how it relates to the rest of the Hadoop infrastructure, as well as clients and resources outside Hadoop.