Date: Tue, 22 Apr 2014 15:42:16 +0000 (UTC)
From: "Mike Drob (JIRA)"
To: notifications@accumulo.apache.org
Reply-To: jira@apache.org
Subject: [jira] [Commented] (ACCUMULO-2713) Instance secret written out with other configuration items to RFiles and WALogs when encryption is turned on

[ https://issues.apache.org/jira/browse/ACCUMULO-2713?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13976925#comment-13976925 ]

Mike Drob commented on ACCUMULO-2713:
-------------------------------------

Instead of blocking 1.6.0, can we STRONGLY inform people that they should not be using encryption at rest, and then fix this in 1.6.1?

> Instance secret written out with other configuration items to RFiles and WALogs when encryption is turned on
> ------------------------------------------------------------------------------------------------------------
>
>                 Key: ACCUMULO-2713
>                 URL: https://issues.apache.org/jira/browse/ACCUMULO-2713
>             Project: Accumulo
>          Issue Type: Bug
>    Affects Versions: 1.5.1
>            Reporter: Michael Allen
>            Priority: Blocker
>             Fix For: 1.6.0
>
>         Attachments: Dont-write-instance-secret-to-RFiles.patch
>
>
> The encryption at rest feature records configuration information in encrypted RFiles and WALogs so that if the configuration changes, the files can be read back. The code that does this recording hoovers up all the "instance.*" entries, and does not pick out the instance.secret as a special one not to write. Thus the instance secret goes into each file in the clear, which is non-ideal to say the least.
> Patch forthcoming.

--
This message was sent by Atlassian JIRA
(v6.2#6252)
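
The failure mode described in the quoted issue, as an added example; it is not Accumulo's code and not the attached patch. The class and method names, the header layout, the denylist and the sample values are all assumptions made for illustration; it shows a prefix scan that records every "instance.*" entry beside one that excludes `instance.secret`, with a check of the serialized bytes.

```java
import java.io.ByteArrayOutputStream;
import java.io.DataOutputStream;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.util.Map;
import java.util.Set;
import java.util.TreeMap;

public class HeaderConfigDemo {
    // Keys that must never be persisted (hypothetical denylist for this sketch).
    static final Set<String> NEVER_PERSIST = Set.of("instance.secret");

    // Behaviour described in the issue: every "instance.*" entry is recorded.
    static Map<String, String> collectAll(Map<String, String> conf) {
        Map<String, String> out = new TreeMap<>();
        conf.forEach((k, v) -> { if (k.startsWith("instance.")) out.put(k, v); });
        return out;
    }

    // Hardened form: same prefix scan, minus the denylisted keys.
    static Map<String, String> collectSafe(Map<String, String> conf) {
        Map<String, String> out = collectAll(conf);
        out.keySet().removeAll(NEVER_PERSIST);
        return out;
    }

    // Assumed stand-in for the unencrypted configuration record written to each file.
    static byte[] writeHeader(Map<String, String> recorded) throws IOException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (DataOutputStream out = new DataOutputStream(buf)) {
            out.writeInt(recorded.size());
            for (Map.Entry<String, String> e : recorded.entrySet()) {
                out.writeUTF(e.getKey());
                out.writeUTF(e.getValue());
            }
        }
        return buf.toByteArray();
    }

    // Regression-style check: does the secret value appear in the written bytes?
    static boolean leaks(byte[] header, String secret) {
        return new String(header, StandardCharsets.ISO_8859_1).contains(secret);
    }

    public static void main(String[] args) throws IOException {
        Map<String, String> conf = Map.of(  // constructed sample values
            "instance.secret", "s3cr3t-constructed",
            "instance.zookeeper.host", "zk1:2181",
            "table.file.replication", "3");
        String secret = conf.get("instance.secret");
        System.out.println("collectAll  leaks=" + leaks(writeHeader(collectAll(conf)), secret));
        System.out.println("collectSafe leaks=" + leaks(writeHeader(collectSafe(conf)), secret));
    }
}
```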