Building a secure Hadoop cluster requires protecting a number of services which comprise Hadoop infrastructure. If you are using CDH distribution, then Cloudera Manager (CM) is one of the components that needs to be secured. There is a good step by step guide in CM documentation, and it’s easy to follow for one server, but what when you have hundreds of them? There are different approaches to the problem of managing server’s configuration at scale, but I’d like to focus on Ansible which is a neat framework for parallel commands execution and complex rollouts.
HDFS authentication model changed in recent releases, but documentation is stale which can lead people into thinking HDFS is using very primitive authentication
I am very excited and thrilled to use the latest release of MySQL 5.6 in production. This is probably the most notable and innovative release from many years, if not ever. I this post I take a detailed look at what is new in MySQL 5.6 and why I think its the best version of MySQL to date
I was recently asked a question by someone who had attended my Shmoocon talk entitled “Why are Databases So Hard to Secure?”. (PDF slides are available). I was going to put this into a more formal structure, but the conversational nature works really well. I would love to see comments reflecting others’ thoughts.
It’s yet again time for Oracle’s critical patch update (CPUJAN2008). The update will be released on Tuesday January 15, and as of yet there are no details on exactly what vulnerabilities have been found.
Oracle Grid Control documentation warns against leaving the emkey in the Grid Control repository, if it is not removed after it has been copied it is easy to decrypt data, like passwords. Oracle Management Service 10.2 uses several ways to protect these sensitive data, including Virtual Private Database and Password Encryption. To overcome the first one, you have to connect to the database as the SYS user, for the second one, you have to know the encrypted password form, the key, and the associated algorithm. Obviously, the key used to cipher the password is the emkey. So the next question is, “Where are stored the ciphered passwords?”.
This is a follow up on my previous post about SYSDBA keeping invoker rights when calling PL/SQL procedure. Working on the previous test case a bit more I figured that the same anomaly is observed with triggers. So here is one way to get your PL/SQL code called by a SYSDBA. In this case you need to be able to create trigger on database, i. e. need privileges ADMINISTER DATABASE TRIGGER and CREATE TRIGGER.