[jira] [Commented] (DRILL-4335) Apache Drill should support network encryption

Mon, 01 May 2017 16:08:57 -0700 

    [ 
https://issues.apache.org/jira/browse/DRILL-4335?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15991737#comment-15991737
 ] 

ASF GitHub Bot commented on DRILL-4335:
---------------------------------------

Github user sudheeshkatkam commented on a diff in the pull request:

    https://github.com/apache/drill/pull/773#discussion_r114215418
  
    --- Diff: 
exec/java-exec/src/main/java/org/apache/drill/exec/ExecConstants.java ---
    @@ -116,6 +116,11 @@
       String BIT_AUTHENTICATION_ENABLED = 
"drill.exec.security.bit.auth.enabled";
       String BIT_AUTHENTICATION_MECHANISM = 
"drill.exec.security.bit.auth.mechanism";
       String USE_LOGIN_PRINCIPAL = 
"drill.exec.security.bit.auth.use_login_principal";
    +  String USER_ENCRYPTION_SASL_ENABLED = 
"drill.exec.security.user.encryption.sasl.enabled";
    +  String USER_ENCRYPTION_SASL_MAX_WRAPPED_SIZE = 
"drill.exec.security.user.encryption.sasl.max_wrapped_size";
    --- End diff --
    
    We should document this config parameter due to the change in name (from 
"maximum size of the raw send buffer in bytes" to max_wrapped_size).
    
    From [Sasl.RAW_SEND_SIZE 
doc](http://grepcode.com/file/repository.grepcode.com/java/root/jdk/openjdk/8u40-b25/javax/security/sasl/Sasl.java#151):
    > The name of a property that specifies the maximum size of the raw send 
buffer in bytes of SaslClient/SaslServer. The property contains the string 
representation of an integer. The value of this property is negotiated between 
the client and server during the authentication exchange. 


> Apache Drill should support network encryption
> ----------------------------------------------
>
>                 Key: DRILL-4335
>                 URL: https://issues.apache.org/jira/browse/DRILL-4335
>             Project: Apache Drill
>          Issue Type: New Feature
>            Reporter: Keys Botzum
>            Assignee: Sorabh Hamirwasia
>              Labels: security
>         Attachments: ApacheDrillEncryptionUsingSASLDesign.pdf
>
>
> This is clearly related to Drill-291 but wanted to make explicit that this 
> needs to include network level encryption and not just authentication. This 
> is particularly important for the client connection to Drill which will often 
> be sending passwords in the clear until there is encryption.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

Reply via email to