[jira] [Commented] (DRILL-4335) Apache Drill should support network encryption

Wed, 05 Apr 2017 15:21:08 -0700 

    [ 
https://issues.apache.org/jira/browse/DRILL-4335?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15957874#comment-15957874
 ] 

ASF GitHub Bot commented on DRILL-4335:
---------------------------------------

Github user sudheeshkatkam commented on a diff in the pull request:

    https://github.com/apache/drill/pull/773#discussion_r109968323
  
    --- Diff: 
exec/java-exec/src/main/java/org/apache/drill/exec/rpc/user/UserClient.java ---
    @@ -135,20 +137,33 @@ public void submitQuery(UserResultsListener 
resultsListener, RunQuery query) {
        * @param credentials credentials
        * @throws RpcException if either connection or authentication fails
        */
    -  public void connect(final DrillbitEndpoint endpoint, final 
DrillProperties properties,
    -                      final UserCredentials credentials) throws 
RpcException {
    -    final UserToBitHandshake handshake = UserToBitHandshake.newBuilder()
    +  public void connect(final DrillbitEndpoint endpoint, final 
DrillProperties properties, final UserCredentials credentials) throws 
RpcException {
    +    final UserToBitHandshake.Builder hsBuilder = 
UserToBitHandshake.newBuilder()
             .setRpcVersion(UserRpcConfig.RPC_VERSION)
             .setSupportListening(true)
             .setSupportComplexTypes(supportComplexTypes)
             .setSupportTimeout(true)
             .setCredentials(credentials)
             .setClientInfos(UserRpcUtils.getRpcEndpointInfos(clientName))
    -        .setSaslSupport(SaslSupport.SASL_AUTH)
    -        .setProperties(properties.serializeForServer())
    -        .build();
    +        .setSaslSupport(SaslSupport.SASL_PRIVACY)
    +        .setProperties(properties.serializeForServer());
    +
    +    // Only used for testing purpose
    +    if (properties.containsKey(DrillProperties.TEST_OLD_CLIENT)) {
    --- End diff --
    
    Although only VisibleForTesting, this property is still available to any 
user. Could this cause trouble?


> Apache Drill should support network encryption
> ----------------------------------------------
>
>                 Key: DRILL-4335
>                 URL: https://issues.apache.org/jira/browse/DRILL-4335
>             Project: Apache Drill
>          Issue Type: New Feature
>            Reporter: Keys Botzum
>            Assignee: Sorabh Hamirwasia
>              Labels: security
>         Attachments: ApacheDrillEncryptionUsingSASLDesign.pdf
>
>
> This is clearly related to Drill-291 but wanted to make explicit that this 
> needs to include network level encryption and not just authentication. This 
> is particularly important for the client connection to Drill which will often 
> be sending passwords in the clear until there is encryption.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

Reply via email to