accumulo-notifications mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Michael Berman (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (ACCUMULO-1009) Support encryption over the wire
Date Mon, 09 Sep 2013 21:52:51 GMT

    [ https://issues.apache.org/jira/browse/ACCUMULO-1009?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13762354#comment-13762354
] 

Michael Berman commented on ACCUMULO-1009:
------------------------------------------

WRT JSSE config, I wouldn't feel great about making the JSSE system properties be the only
way to configure the accumulo client's SSL settings.  It's JVM global, and accumulo clients
may well make connections to multiple services or provide their own SSL server.  Especially
since I'm imagining the most common deployment will involve private roots, it seems overly
restrictive to require the accumulo SSL config to be identical to the SSL config used across
the entire client app.  However, I do think it makes sense to optionally tell accumulo to
use the JSSE config.  I'll add that option.

I'm working on separating AccumuloConfiguration from ClientConfiguration now, but they will
have to cross paths at some point in the codebase, since accumulo services need to be able
to make thrift connections to other accumulo services, and they will ultimately get their
config from AccumuloConfiguration.  Do you think it would make sense to have AccumuloConfiguration.getClientConfig()?
 Then, if we're in a context that does have an AccumuloConfiguration, we can access common
code for creating connections, while contexts like ZooKeeperInstance need not know anything
about it.
                
> Support encryption over the wire
> --------------------------------
>
>                 Key: ACCUMULO-1009
>                 URL: https://issues.apache.org/jira/browse/ACCUMULO-1009
>             Project: Accumulo
>          Issue Type: New Feature
>            Reporter: Keith Turner
>            Assignee: Michael Berman
>             Fix For: 1.6.0
>
>         Attachments: ACCUMULO-1009_thriftSsl.patch
>
>
> Need to support encryption between ACCUMULO clients and servers.  Also need to encrypt
communications between server and servers.   
> Basically need to make it possible for users to enable SSL+thrift.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message