accumulo-notifications mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Keith Turner (JIRA)" <>
Subject [jira] [Commented] (ACCUMULO-958) Support pluggable encryption in walogs
Date Fri, 11 Jan 2013 18:10:14 GMT


Keith Turner commented on ACCUMULO-958:

bq. The cipherstreams simply add a layer between the write and the write to DFS, so it's all
server side. It should have no impact on dfs' append functionality

i know it will not impact dfs's append.  I was wondering if encryptions streams support flushing
at arbitrary points, such that if the server dies you can decrypt everything up to your last
succesful flush point.

bq. For the RFiles, we're better off looking at the codec used for the block level compression
of RFiles.

yeah, you would want to encrypt and compress each block. I was not suggesting otherwise. 
I am just trying to think about this from a user perspective.  They may want to just turn
on encryption for accumulo.  Turning on encryption for just the writeahead logs would seem
like a confusing options to offer users.  The user may not care how it works with rfiles and
walogs, they just want to turn on encryption of Accumulo's persisted data.

> Support pluggable encryption in walogs
> --------------------------------------
>                 Key: ACCUMULO-958
>                 URL:
>             Project: Accumulo
>          Issue Type: Improvement
>          Components: logger
>            Reporter: John Vines
>            Assignee: John Vines
>             Fix For: 1.5.0
> There are some cases where users want encryption at rest for the walogs. It should be
fairly trivial to implement it in such a way to insert a CipherOutputStream into the data
path (defaulting to using a NullCipher) and then making the Cipher pluggable to users can
insert the appropriate mechanisms for their use case.
> This also means swapping in CipherInputStream and putting in a check to make sure the
Cipher type's match at read and write time. Possibly a versioning mechanism so people can
migrate Ciphers.

This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see:

View raw message