hadoop-common-issues mailing list archives

From "Steve Loughran (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HADOOP-13887) Support for client-side encryption in S3A file system
Date Fri, 10 Mar 2017 21:49:04 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-13887?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15905750#comment-15905750 ]

Steve Loughran commented on HADOOP-13887:
-----------------------------------------

Most (all?) of us don't know about how S3 client-side encryption works, so these details are
not something we necessarily have valid opinions on.

A simpler set of options is way easier to test & document, unless people have a very special
need for custom things. Custom stuff can always be added in future if there is lots of pent-up
demand, but if it goes in now, it can never be taken away.

What I do want to do is make sure that we don't endanger security by leaking secrets (e.g.
logging them), or by not actually encrypting data the way we promise. What can be done there
is the same test we now have for SSE: verify that a different S3A client cannot read data
written by one with different secrets.

> Support for client-side encryption in S3A file system
> -----------------------------------------------------
>
>                 Key: HADOOP-13887
>                 URL: https://issues.apache.org/jira/browse/HADOOP-13887
>             Project: Hadoop Common
>          Issue Type: Sub-task
>          Components: fs/s3
>    Affects Versions: 2.8.0
>            Reporter: Jeeyoung Kim
>            Assignee: Igor Mazur
>            Priority: Minor
>         Attachments: HADOOP-14171-001.patch
>
>
> Expose the client-side encryption option documented in Amazon S3 documentation - http://docs.aws.amazon.com/AmazonS3/latest/dev/UsingClientSideEncryption.html
> Currently this is not exposed in Hadoop but it is exposed as an option in AWS Java SDK,
> which Hadoop currently includes. It should be trivial to propagate this as a parameter passed
> to the S3client used in S3AFileSystem.java



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
