Unlock instant, AI-driven research and patent intelligence for your innovation.

Hadoop platform security management and control method based on multi-protocol reverse proxy

A technology of reverse proxy and security control, which is applied in the field of platform security control and can solve problems such as late interface appearance and security issues

Active Publication Date: 2019-08-16
全知科技(杭州)有限责任公司
View PDF6 Cites 5 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

However, due to the open source nature of the hadoop platform, the plug-in interface appeared late, and many early versions did not support this type of interface. At the same time, the plug-in method is extremely intrusive to the hadoop platform, and it is easy to cause various security issues.

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Hadoop platform security management and control method based on multi-protocol reverse proxy
  • Hadoop platform security management and control method based on multi-protocol reverse proxy

Examples

Experimental program
Comparison scheme
Effect test

Embodiment

[0033] like figure 1 and 2 As shown, the detailed process of a typical file operation (directory creation) for the hdfs service in the hadoop platform is as follows:

[0034] 1. The client builds a local access agent according to the configuration, and initializes the account and other information;

[0035] 2. The client starts to establish a tcp connection with NameNode's reverse proxy service, and sends an encrypted string for identity authentication;

[0036] 3. The proxy server receives the request to establish a connection, obtains identity authentication information, and authenticates the user identity according to predefined rules;

[0037] 4. If the authentication is passed, a successful response is written through the tcp channel, and the connection is formally established;

[0038] 5. The client starts to construct and send the rpc request packet of MKDIRS, and the serialization part is completed by the protobuf framework;

[0039] 6. After receiving the rpc requ...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses a Hadoop platform security management and control method based on a multi-protocol reverse proxy, which comprises the following steps: 1, constructing a reverse proxy server, and starting to monitor a user request; 2, receiving a request sent by a client, and intercepting the request; 3, verifying the account information in the request, carrying out security authentication,and refusing access if the account information does not accord with a predetermined rule; 4, forwarding the request to a target service according to the detailed information of the request, and obtaining response information; and 5, returning the response information to the client. According to the method and the system, a unified account authentication and authority management and control schemeis provided for the hadoop platform on the basis of reverse proxy for realizing multiple network protocols, and the hadoop platform is free of service invasion while being compatible with multiple hadoop versions.

Description

technical field [0001] The invention belongs to the field of platform security management and control, and specifically relates to a method for intercepting network traffic of a Hadoop platform and performing security control according to rules set by users; and a method for exporting the network traffic of the Hadoop platform for data analysis and security auditing. Background technique [0002] The open source Apache Hadoop platform includes various types of service components such as hdfs, yarn, hive, and hbase, and currently lacks unified and comprehensive security control measures. The security management and control solutions commonly used on Hadoop platforms only support identity authentication based on Kerberos, which is poorly integrated with common account systems. Permissions are controlled by each service itself, and some components (such as hive, etc.) will provide plug-in extension interfaces, based on which users can customize permission verification logic tha...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Applications(China)
IPC IPC(8): H04L29/06
CPCH04L63/0884H04L63/10H04L63/306
Inventor 吴平杰
Owner 全知科技(杭州)有限责任公司