[ https://issues.apache.org/jira/browse/DRILL-4335?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15957886#comment-15957886 ]
ASF GitHub Bot commented on DRILL-4335: --------------------------------------- Github user sudheeshkatkam commented on a diff in the pull request: https://github.com/apache/drill/pull/773#discussion_r109736477 --- Diff: exec/java-exec/src/main/java/org/apache/drill/exec/rpc/BitConnectionConfig.java --- @@ -46,16 +47,40 @@ protected BitConnectionConfig(BufferAllocator allocator, BootStrapContext contex super(allocator, context); final DrillConfig config = context.getConfig(); + final AuthenticatorProvider authProvider = getAuthProvider(); + if (config.getBoolean(ExecConstants.BIT_AUTHENTICATION_ENABLED)) { this.authMechanismToUse = config.getString(ExecConstants.BIT_AUTHENTICATION_MECHANISM); try { - getAuthProvider().getAuthenticatorFactory(authMechanismToUse); + authProvider.getAuthenticatorFactory(authMechanismToUse); } catch (final SaslException e) { throw new DrillbitStartupException(String.format( "'%s' mechanism not found for bit-to-bit authentication. Please check authentication configuration.", authMechanismToUse)); } - logger.info("Configured bit-to-bit connections to require authentication using: {}", authMechanismToUse); + + // Update encryption related configurations + encryptionContext.setEncryption(config.getBoolean(ExecConstants.BIT_SASL_ENCRYPTION_ENABLED)); + + int maxEncodeSize = config.getInt(ExecConstants.BIT_SASL_ENCRYPTION_ENCODESIZE); + + if(maxEncodeSize > RpcConstants.MAX_WRAP_SIZE) { --- End diff -- + spacing + check for non-negative > Apache Drill should support network encryption > ---------------------------------------------- > > Key: DRILL-4335 > URL: https://issues.apache.org/jira/browse/DRILL-4335 > Project: Apache Drill > Issue Type: New Feature > Reporter: Keys Botzum > Assignee: Sorabh Hamirwasia > Labels: security > Attachments: ApacheDrillEncryptionUsingSASLDesign.pdf > > > This is clearly related to Drill-291 but wanted to make explicit that this > needs to include network level encryption and not just authentication. This > is particularly important for the client connection to Drill which will often > be sending passwords in the clear until there is encryption. -- This message was sent by Atlassian JIRA (v6.3.15#6346)