ranger-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Endre Zoltan Kovacs via Review Board <nore...@reviews.apache.org>
Subject Re: Review Request 63209: RANGER-1644 changed crypto algorithm to a strong one
Date Fri, 03 Nov 2017 14:24:26 GMT


> On Oct. 23, 2017, 4:56 a.m., bhavik patel wrote:
> > @Endre Zoltan Kovacs : Have you tested plugins test-connection? If someone upgrade
from ranger-0.6 to ranger-0.7 or master after then check plugins test-connection should not
break, can you please confirm that.
> > 
> > note: If you want to use stronger crypto algorithm than you can directly specify
in ranger-admin-default-site.xml rather than changing default value in PasswordUtils.java
> 
> Endre Zoltan Kovacs wrote:
>     hi!
>     i've checked this patch agains HDP 2.6.3 with ranger 0.7.0.2.6 and tested the 'test-connection'.
it brought problems to light,so i fixed them and re-created the patch.
>     this version should work well with service check and service update.
>     
>     i tested and verified that upgrading from an older crypto algo (e.g.: PBEWithSHA1AndDESede)
to this new algo works.
>     
>     Best regards,
>     Endre
> 
> bhavik patel wrote:
>     Hi,
>     Can you please verify one more case : user password which contain special character
, at that time also test-connection should work

Hi!
This was a great idea! i added some more unit tests, aiming catch coma related password problems,
and it turned out there were issues during encrypt phase.
with the new patch these are gone.

besides the unit tests, i also tested passwords with coma on HDP cluster to verify it in a
live settings.
i also tested and verified that it is possible to go back to a less secure algo (that doesn't
need initializer vector) and test/update of service still worked.


- Endre Zoltan


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/63209/#review188920
-----------------------------------------------------------


On Nov. 3, 2017, 2:24 p.m., Endre Zoltan Kovacs wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/63209/
> -----------------------------------------------------------
> 
> (Updated Nov. 3, 2017, 2:24 p.m.)
> 
> 
> Review request for ranger.
> 
> 
> Bugs: RANGER-1644
>     https://issues.apache.org/jira/browse/RANGER-1644
> 
> 
> Repository: ranger
> 
> 
> Description
> -------
> 
> changing outdate hash&crypto algorigthms: MD5&DES => SHA512&AES128
> 
> 
> Diffs
> -----
> 
>   agents-common/src/main/java/org/apache/ranger/plugin/util/PasswordUtils.java 58cdd3531

>   agents-common/src/test/java/org/apache/ranger/plugin/util/PasswordUtilsTest.java 4e135aaa7

>   security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java da650747d 
>   security-admin/src/main/java/org/apache/ranger/service/RangerServiceService.java 3dd761a2b

>   security-admin/src/main/resources/conf.dist/ranger-admin-default-site.xml 9dfc03df1

>   security-admin/src/test/java/org/apache/ranger/biz/TestServiceDBStore.java 976fd0cb8

> 
> 
> Diff: https://reviews.apache.org/r/63209/diff/3/
> 
> 
> Testing
> -------
> 
> PasswordUtilsTest: added new unit test and updated previous ones
> Added service update test: on service update new service password will be encrypted with
the new algorithm
> 
> 
> Thanks,
> 
> Endre Zoltan Kovacs
> 
>


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message