[jira] [Commented] (DRILL-4335) Apache Drill should support network encryption

Mon, 17 Apr 2017 00:43:20 -0700 

    [ 
https://issues.apache.org/jira/browse/DRILL-4335?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15970793#comment-15970793
 ] 

ASF GitHub Bot commented on DRILL-4335:
---------------------------------------

Github user sohami commented on a diff in the pull request:

    https://github.com/apache/drill/pull/773#discussion_r111676624
  
    --- Diff: 
exec/java-exec/src/main/java/org/apache/drill/exec/rpc/user/UserServer.java ---
    @@ -335,8 +350,27 @@ public BitToUserHandshake 
getHandshakeResponse(UserToBitHandshake inbound) throw
                 }
               }
     
    -          // mention server's authentication capabilities
    -          
respBuilder.addAllAuthenticationMechanisms(config.getAuthProvider().getAllFactoryNames());
    +          // We are checking in UserConnectionConfig that if SASL 
encryption is enabled then mechanisms other
    +          // than PLAIN are also configured otherwise throw exception
    +          final Set<String> configuredMech = 
config.getAuthProvider().getAllFactoryNames();
    +
    +          if (!config.isEncryptionEnabled()) {
    +
    +            respBuilder.addAllAuthenticationMechanisms(configuredMech);
    +          } else {
    --- End diff --
    
    Since PLAIN doesn't support encryption and also we don't support older 
clients without encryption support to connect to cluster with encryption 
enabled, there was no case where client can use PLAIN mechanism. 
    
    But considering other custom mechanism which might not support encryption 
as well. Have removed the special handling for PLAIN.


> Apache Drill should support network encryption
> ----------------------------------------------
>
>                 Key: DRILL-4335
>                 URL: https://issues.apache.org/jira/browse/DRILL-4335
>             Project: Apache Drill
>          Issue Type: New Feature
>            Reporter: Keys Botzum
>            Assignee: Sorabh Hamirwasia
>              Labels: security
>         Attachments: ApacheDrillEncryptionUsingSASLDesign.pdf
>
>
> This is clearly related to Drill-291 but wanted to make explicit that this 
> needs to include network level encryption and not just authentication. This 
> is particularly important for the client connection to Drill which will often 
> be sending passwords in the clear until there is encryption.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

Reply via email to