accumulo-notifications mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Christopher Tubbs (JIRA)" <>
Subject [jira] [Commented] (ACCUMULO-1009) Support encryption over the wire
Date Mon, 26 Aug 2013 23:02:51 GMT


Christopher Tubbs commented on ACCUMULO-1009:

A couple of (JSSE-related) things:

# I'm strongly opposed to the client configuration extending AccumuloConfiguration, because
AccumuloConfiguration is almost exclusively server-side. A simple Properties-based configuration
would be preferred... perhaps a commons-configuration object instead? However, I don't see
much need for configuration at all, except to carry the JSSE properties and maybe a boolean
to enable the use of them (unless you wanted to add logic to say, "use SSL if any*"
is defined).
# I'd prefer JSSE system properties rather than creating additional Accumulo-specific properties
on the client side that mirror these. In fact, the javadocs for TSSLTransportFactory explicitly
describe the ability to set JSSE system properties, so this should be trivial to implement.
# Additionally, the way this is written limits the use of any other store provider other than
the built-in one that uses JKS. Everything is very "keystore file"-specific. What if I want
to use a gnome-keyring provider? Normally this could be specified in the JSSE system properties,
so using those should release this restriction, while simplifying the code.
> Support encryption over the wire
> --------------------------------
>                 Key: ACCUMULO-1009
>                 URL:
>             Project: Accumulo
>          Issue Type: New Feature
>            Reporter: Keith Turner
>            Assignee: Michael Berman
>             Fix For: 1.6.0
>         Attachments: ACCUMULO-1009_thriftSsl.patch
> Need to support encryption between ACCUMULO clients and servers.  Also need to encrypt
communications between server and servers.   
> Basically need to make it possible for users to enable SSL+thrift.

This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see:

View raw message