[jira] [Commented] (DRILL-4335) Apache Drill should support network encryption

Mon, 01 May 2017 12:48:27 -0700 

    [ 
https://issues.apache.org/jira/browse/DRILL-4335?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15991391#comment-15991391
 ] 

ASF GitHub Bot commented on DRILL-4335:
---------------------------------------

Github user sohami commented on a diff in the pull request:

    https://github.com/apache/drill/pull/773#discussion_r113376924
  
    --- Diff: 
exec/java-exec/src/main/java/org/apache/drill/exec/rpc/security/ServerAuthenticationHandler.java
 ---
    @@ -251,25 +255,67 @@ void process(SaslResponseContext<S, T> context) 
throws Exception {
       private static <S extends ServerConnection<S>, T extends EnumLite>
       void handleSuccess(final SaslResponseContext<S, T> context, final 
SaslMessage.Builder challenge,
                          final SaslServer saslServer) throws IOException {
    -    context.connection.changeHandlerTo(context.requestHandler);
    -    context.connection.finalizeSaslSession();
    -    context.sender.send(new Response(context.saslResponseType, 
challenge.build()));
     
    -    // setup security layers here..
    +    final S connection = context.connection;
    +    connection.changeHandlerTo(context.requestHandler);
    +    connection.finalizeSaslSession();
    +
    +    // Check the negotiated property before sending the response back to 
client
    +    try {
    +      final String negotiatedQOP = 
saslServer.getNegotiatedProperty(Sasl.QOP).toString();
    --- End diff --
    
    Please see comment above.


> Apache Drill should support network encryption
> ----------------------------------------------
>
>                 Key: DRILL-4335
>                 URL: https://issues.apache.org/jira/browse/DRILL-4335
>             Project: Apache Drill
>          Issue Type: New Feature
>            Reporter: Keys Botzum
>            Assignee: Sorabh Hamirwasia
>              Labels: security
>         Attachments: ApacheDrillEncryptionUsingSASLDesign.pdf
>
>
> This is clearly related to Drill-291 but wanted to make explicit that this 
> needs to include network level encryption and not just authentication. This 
> is particularly important for the client connection to Drill which will often 
> be sending passwords in the clear until there is encryption.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

Reply via email to