Unlock instant, AI-driven research and patent intelligence for your innovation.

A Hadoop platform security control method based on multi-protocol reverse proxy

A technology of reverse proxy and security control, which is applied in the field of platform security control and can solve problems such as late interface appearance and security issues

Active Publication Date: 2021-07-30
全知科技(杭州)有限责任公司
View PDF0 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

However, due to the open source nature of the hadoop platform, the plug-in interface appeared late, and many early versions did not support this type of interface. At the same time, the plug-in method is extremely intrusive to the hadoop platform, and it is easy to cause various security issues.

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • A Hadoop platform security control method based on multi-protocol reverse proxy
  • A Hadoop platform security control method based on multi-protocol reverse proxy

Examples

Experimental program
Comparison scheme
Effect test

Embodiment

[0033] like figure 1 and 2 As shown, the detailed process of a typical file operation (directory creation) for the hdfs service in the hadoop platform is as follows:

[0034] 1. The client builds a local access agent according to the configuration, and initializes the account and other information;

[0035] 2. The client starts to establish a tcp connection with NameNode's reverse proxy service, and sends an encrypted string for identity authentication;

[0036] 3. The proxy server receives the request to establish a connection, obtains identity authentication information, and authenticates the user identity according to predefined rules;

[0037] 4. If the authentication is passed, a successful response is written through the tcp channel, and the connection is formally established;

[0038] 5. The client starts to construct and send the rpc request packet of MKDIRS, and the serialization part is completed by the protobuf framework;

[0039] 6. After receiving the rpc requ...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses a Hadoop platform security management and control method based on multi-protocol reverse proxy, comprising the following steps: 1. Build a reverse proxy server and start to monitor user requests; 2. Receive requests sent by clients and intercept them ;3. Verify the account information in the request and perform security authentication. If it does not meet the predetermined rules, the access will be denied; 4. According to the detailed information of the request, forward the request to the target service and obtain the response information; 5. Send the response Information is returned to the client. The present invention is based on realizing the reverse proxy of multiple network protocols, provides unified account authentication and authority management and control schemes for the Hadoop platform, and has no business intrusion on the Hadoop platform itself while being compatible with multiple Hadoop versions.

Description

technical field [0001] The invention belongs to the field of platform security management and control, and specifically relates to a method for intercepting network traffic of a Hadoop platform and performing security control according to rules set by users; and a method for exporting the network traffic of the Hadoop platform for data analysis and security auditing. Background technique [0002] The open source Apache Hadoop platform includes various types of service components such as hdfs, yarn, hive, and hbase, and currently lacks unified and comprehensive security control measures. The security management and control solutions commonly used on Hadoop platforms only support identity authentication based on Kerberos, which is poorly integrated with common account systems. Permissions are controlled by each service itself, and some components (such as hive, etc.) will provide plug-in extension interfaces, based on which users can customize permission verification logic tha...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Patents(China)
IPC IPC(8): H04L29/06
CPCH04L63/0884H04L63/10H04L63/306
Inventor 吴平杰
Owner 全知科技(杭州)有限责任公司