[jira] [Updated] (KNOX-188) encryptQueryString Password is Recreated when Topology is Changed.

Fri, 22 Nov 2013 07:31:40 -0800 

     [ 
https://issues.apache.org/jira/browse/KNOX-188?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Larry McCay updated KNOX-188:
-----------------------------

    Description: 
URLs with encrypted query strings which contain sensitive internals to the 
cluster fail to be decrypted by the gateway after a cluster topology is 
redeployed in the gateway instance.
Upon redeployment the password for encryptQueryString is being regenerated even 
though the credential store already exists for a given topology file (cluster). 
This must be changed to only generate if the alias doesn't already exist inside 
the credential store. By not retaining previous values Knox cluster deployments 
(HA) which require the passwords to be in sync across gateway instances will 
not be and will create decryption problems across load balancing and failover.

  was:Upon redeployment the password for encryptQueryString is being 
regenerated even though the credential store already exists for a given 
topology file (cluster). This must be changed to only generate if the alias 
doesn't already exist inside the credential store.


> encryptQueryString Password is Recreated when Topology is Changed.
> ------------------------------------------------------------------
>
>                 Key: KNOX-188
>                 URL: https://issues.apache.org/jira/browse/KNOX-188
>             Project: Apache Knox
>          Issue Type: Bug
>          Components: Server
>            Reporter: Maksim Kononenko
>            Assignee: Larry McCay
>             Fix For: 0.4.0
>
>
> URLs with encrypted query strings which contain sensitive internals to the 
> cluster fail to be decrypted by the gateway after a cluster topology is 
> redeployed in the gateway instance.
> Upon redeployment the password for encryptQueryString is being regenerated 
> even though the credential store already exists for a given topology file 
> (cluster). This must be changed to only generate if the alias doesn't already 
> exist inside the credential store. By not retaining previous values Knox 
> cluster deployments (HA) which require the passwords to be in sync across 
> gateway instances will not be and will create decryption problems across load 
> balancing and failover.



--
This message was sent by Atlassian JIRA
(v6.1#6144)

Reply via email to