flink-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ASF GitHub Bot (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (FLINK-3931) Implement Transport Encryption (SSL/TLS)
Date Thu, 06 Oct 2016 16:53:21 GMT

    [ https://issues.apache.org/jira/browse/FLINK-3931?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15552474#comment-15552474
] 

ASF GitHub Bot commented on FLINK-3931:
---------------------------------------

Github user mxm commented on a diff in the pull request:

    https://github.com/apache/flink/pull/2518#discussion_r82211018
  
    --- Diff: docs/setup/config.md ---
    @@ -140,6 +140,8 @@ will be used under the directory specified by jobmanager.web.tmpdir.
     
     - `blob.server.port`: Port definition for the blob server (serving user jar's) on the
Taskmanagers. By default the port is set to 0, which means that the operating system is picking
an ephemeral port. Flink also accepts a list of ports ("50100,50101"), ranges ("50100-50200")
or a combination of both. It is recommended to set a range of ports to avoid collisions when
multiple JobManagers are running on the same machine.
     
    +- `blob.service.ssl.enabled`: Flag to enable ssl for the blob client/server communication.
This is applicable only when the global ssl flag security.ssl.enabled is set to true (DEFAULT:
true).
    --- End diff --
    
    Do we really need a switch for this? If we have `security.ssl.enabled` set to `true`,
then this should always be enabled.


> Implement Transport Encryption (SSL/TLS)
> ----------------------------------------
>
>                 Key: FLINK-3931
>                 URL: https://issues.apache.org/jira/browse/FLINK-3931
>             Project: Flink
>          Issue Type: New Feature
>            Reporter: Eron Wright 
>            Assignee: Suresh Krishnappa
>              Labels: security
>   Original Estimate: 1,008h
>  Remaining Estimate: 1,008h
>
> _This issue is part of a series of improvements detailed in the [Secure Data Access|https://docs.google.com/document/d/1-GQB6uVOyoaXGwtqwqLV8BHDxWiMO2WnVzBoJ8oPaAs/edit?usp=sharing]
design doc._
> To assure privacy and data integrity between Flink components, enable TLS for all communication
channels.  As described in the design doc:
> - Accept a configured certificate or generate a certificate.
> - Enable Akka SSL
> - Implement Data Transfer SSL
> - Implement Blob Server SSL
> - Implement Web UI HTTPS



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message