accumulo-notifications mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "John Vines (JIRA)" <j...@apache.org>
Subject [jira] [Resolved] (ACCUMULO-958) Support pluggable encryption in walogs
Date Sat, 26 Jan 2013 00:19:12 GMT

     [ https://issues.apache.org/jira/browse/ACCUMULO-958?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

John Vines resolved ACCUMULO-958.
---------------------------------

    Resolution: Fixed
      Assignee: Michael Allen  (was: John Vines)

I checked out the patch, and it looked great. Everything ran fine. And with the change in
our walogs, it's great we were able to get this into 1.5. I made a few modification to the
patch, namely some formatting, adding some deprecation due to the volatile API, and I added
an increased replication to the DFS secret key for some more comfort (same thing we do wtih
the !METADATA table).

It is set up with a NullCipher by default, so there should be no issues with the logger crypto
being an obstruction to debugging.

And the crypto is in the client package and no server because it should be modular enough
to be utilized in the modification to the RFile we would like to see done for 1.6
                
> Support pluggable encryption in walogs
> --------------------------------------
>
>                 Key: ACCUMULO-958
>                 URL: https://issues.apache.org/jira/browse/ACCUMULO-958
>             Project: Accumulo
>          Issue Type: Improvement
>          Components: logger
>            Reporter: John Vines
>            Assignee: Michael Allen
>             Fix For: 1.5.0
>
>         Attachments: accumulo-958.diff
>
>
> There are some cases where users want encryption at rest for the walogs. It should be
fairly trivial to implement it in such a way to insert a CipherOutputStream into the data
path (defaulting to using a NullCipher) and then making the Cipher pluggable to users can
insert the appropriate mechanisms for their use case.
> This also means swapping in CipherInputStream and putting in a check to make sure the
Cipher type's match at read and write time. Possibly a versioning mechanism so people can
migrate Ciphers.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message