accumulo-notifications mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Josh Elser (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (ACCUMULO-958) Support pluggable encryption in walogs
Date Sat, 26 Jan 2013 03:11:14 GMT

    [ https://issues.apache.org/jira/browse/ACCUMULO-958?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13563316#comment-13563316
] 

Josh Elser commented on ACCUMULO-958:
-------------------------------------

A few notes:

* Would be great to see some sort of test cases, even illustrating trivial cases
* Javadoc on SecretKeyEncryptionStrategy would be nice
* Move the log.debug to trace (or just remove) for things that are no outwardly useful to
a user/administrator (e.g. DefaultCryptoModule:62, CryptoModuleFactory:85, DfsLogger:223,
etc)
* DefaultCryptoModule:52 comment probably isn't necessary :)
* Please nuke the ALL CAPS spam in CryptoModuleFactory:[63,79,88,93,118,134,143,147], if we
want the user to recognize and forcibly take action, we should propagate an Exception up instead
of falling back to the Null encryption classes.
* CryptoModuleFactory:123-131 could be replaced with:
{noformat}
boolean implementsSecretKeyStrategy = SecretKeyEncryptionStrategy.class.isAssignableFrom(keyEncryptionStrategyClazz);
{noformat}
* I won't really go deep into thoughts on CryptoModule because of your deprecation comments,
but I do want to say that there's probably some easy encapsulation you can do easily with
the crypto opts, params and properties.
* No argument checking in DefaultCryptoModule (NPE easy to arise). Again, tests here would
be good.

                
> Support pluggable encryption in walogs
> --------------------------------------
>
>                 Key: ACCUMULO-958
>                 URL: https://issues.apache.org/jira/browse/ACCUMULO-958
>             Project: Accumulo
>          Issue Type: Improvement
>          Components: logger
>            Reporter: John Vines
>            Assignee: Michael Allen
>             Fix For: 1.5.0
>
>         Attachments: ACCUMULO-958-actual-changes.patch, accumulo-958.diff
>
>
> There are some cases where users want encryption at rest for the walogs. It should be
fairly trivial to implement it in such a way to insert a CipherOutputStream into the data
path (defaulting to using a NullCipher) and then making the Cipher pluggable to users can
insert the appropriate mechanisms for their use case.
> This also means swapping in CipherInputStream and putting in a check to make sure the
Cipher type's match at read and write time. Possibly a versioning mechanism so people can
migrate Ciphers.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message