accumulo-notifications mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Michael Berman (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (ACCUMULO-1009) Support encryption over the wire
Date Thu, 19 Sep 2013 17:16:55 GMT

    [ https://issues.apache.org/jira/browse/ACCUMULO-1009?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13772055#comment-13772055
] 

Michael Berman commented on ACCUMULO-1009:
------------------------------------------

{quote}
Multiple ZooKeeperInstances in the same java process with different SSL config (is this possible?
It looks like you included ssl options in the Key in ThriftTransportPool?) This could happen
if a single process connected to multiple Accumulo instances
{quote}

Generally this should be fine.  The cached transports are keyed on (location, timeout, sslEnabled),
so if you're connecting to multiple instances from the same process, they should have different
locations anyway, so the different SSL settings will be segregated.  One potential area for
concern is that I'm only using the sslEnabled flag, not the full set of SSL parameters, so
if you have connected successfully with some cert, and then in the same process you try to
connect with a different cert, you could get a cached, connected transport, even though you
might not otherwise trust the remote server (or you might have an invalid client cert, if
that's turned on).  It seemed to me like this risk was pretty minimal, since you're already
in the same process, but if others think it's too big a risk, it would be easy to add all
the SSL params to the key.
                
> Support encryption over the wire
> --------------------------------
>
>                 Key: ACCUMULO-1009
>                 URL: https://issues.apache.org/jira/browse/ACCUMULO-1009
>             Project: Accumulo
>          Issue Type: New Feature
>            Reporter: Keith Turner
>            Assignee: Michael Berman
>             Fix For: 1.6.0
>
>         Attachments: ACCUMULO-1009_thriftSsl.patch
>
>
> Need to support encryption between ACCUMULO clients and servers.  Also need to encrypt
communications between server and servers.   
> Basically need to make it possible for users to enable SSL+thrift.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message