[ https://issues.apache.org/jira/browse/DRILL-4335?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15970804#comment-15970804 ]

ASF GitHub Bot commented on DRILL-4335:
---------------------------------------

Github user sohami commented on a diff in the pull request:

    https://github.com/apache/drill/pull/773#discussion_r111713955
  
    --- Diff: 
exec/java-exec/src/main/java/org/apache/drill/exec/rpc/user/UserConnectionConfig.java
 ---
    @@ -34,32 +39,81 @@
     
       private final UserServerRequestHandler handler;
     
    +  // Total number of external DrillClient connection's on this server.
    +  private static final Counter secureUserConnections = 
DrillMetrics.getRegistry()
    +    .counter("drill.user.encrypted.connections");
    +
    +  private static final Counter insecureUserConnections = 
DrillMetrics.getRegistry()
    +    .counter("drill.user.unencrypted.connections");
    +
       UserConnectionConfig(BufferAllocator allocator, BootStrapContext 
context, UserServerRequestHandler handler)
    -      throws DrillbitStartupException {
    +    throws DrillbitStartupException {
         super(allocator, context);
         this.handler = handler;
     
    -    if 
(context.getConfig().getBoolean(ExecConstants.USER_AUTHENTICATION_ENABLED)) {
    -      if (getAuthProvider().getAllFactoryNames().isEmpty()) {
    +    final DrillConfig config = context.getConfig();
    +    final AuthenticatorProvider authProvider = getAuthProvider();
    +
    +    if (config.getBoolean(ExecConstants.USER_AUTHENTICATION_ENABLED)) {
    +      if (authProvider.getAllFactoryNames().isEmpty()) {
             throw new DrillbitStartupException("Authentication enabled, but no 
mechanisms found. Please check " +
    -            "authentication configuration.");
    +          "authentication configuration.");
           }
           authEnabled = true;
    -      logger.info("Configured all user connections to require 
authentication using: {}",
    -          getAuthProvider().getAllFactoryNames());
    +
    +      // Update encryption related parameters.
    +      
encryptionContext.setEncryption(config.getBoolean(ExecConstants.USER_SASL_ENCRYPTION_ENABLED));
    +
    +      int maxEncodeSize = 
config.getInt(ExecConstants.USER_SASL_ENCRYPTION_ENCODESIZE);
    +
    +      if(maxEncodeSize > RpcConstants.MAX_WRAP_SIZE) {
    +        logger.warn("Setting user.sasl.encryption.encodesize to maximum 
allowed value of 16MB");
    +        maxEncodeSize = RpcConstants.MAX_WRAP_SIZE;
    +      }
    +      encryptionContext.setWrappedChunkSize(maxEncodeSize);
    +
    +      if (encryptionContext.isEncryptionEnabled() && 
authProvider.isOnlyPlainConfigured()) {
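
Review bot: the clamp on `maxEncodeSize` checks only the upper bound (`if(maxEncodeSize > RpcConstants.MAX_WRAP_SIZE)`), so as far as these lines show a zero or negative `user.sasl.encryption.encodesize` reaches `encryptionContext.setWrappedChunkSize(maxEncodeSize)` unchanged. Consider rejecting non-positive values at startup with a `DrillbitStartupException`, the same way the empty mechanism list is handled a few lines earlier, so a misconfigured chunk size fails fast instead of surfacing later on an encrypted connection. Two smaller points in the same hunk: the warning text hard-codes "16MB" and will drift if `RpcConstants.MAX_WRAP_SIZE` changes, so build the message from the constant and log the configured value that was rejected; and the comment above `secureUserConnections` describes a total of all DrillClient connections (with a stray apostrophe in "connection's") while the counter is registered as `drill.user.encrypted.connections`, so each of the two counters should get a comment that says which connections it counts.
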
    --- End diff --
    
    Yes see other comments.


> Apache Drill should support network encryption
> ----------------------------------------------
>
>                 Key: DRILL-4335
>                 URL: https://issues.apache.org/jira/browse/DRILL-4335
>             Project: Apache Drill
>          Issue Type: New Feature
>            Reporter: Keys Botzum
>            Assignee: Sorabh Hamirwasia
>              Labels: security
>         Attachments: ApacheDrillEncryptionUsingSASLDesign.pdf
>
>
> This is clearly related to Drill-291 but wanted to make explicit that this 
> needs to include network level encryption and not just authentication. This 
> is particularly important for the client connection to Drill which will often 
> be sending passwords in the clear until there is encryption.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)