[ https://issues.apache.org/jira/browse/DRILL-4335?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15991737#comment-15991737 ]
ASF GitHub Bot commented on DRILL-4335: --------------------------------------- Github user sudheeshkatkam commented on a diff in the pull request: https://github.com/apache/drill/pull/773#discussion_r114215418 --- Diff: exec/java-exec/src/main/java/org/apache/drill/exec/ExecConstants.java --- @@ -116,6 +116,11 @@ String BIT_AUTHENTICATION_ENABLED = "drill.exec.security.bit.auth.enabled"; String BIT_AUTHENTICATION_MECHANISM = "drill.exec.security.bit.auth.mechanism"; String USE_LOGIN_PRINCIPAL = "drill.exec.security.bit.auth.use_login_principal"; + String USER_ENCRYPTION_SASL_ENABLED = "drill.exec.security.user.encryption.sasl.enabled"; + String USER_ENCRYPTION_SASL_MAX_WRAPPED_SIZE = "drill.exec.security.user.encryption.sasl.max_wrapped_size"; --- End diff -- We should document this config parameter due to the change in name (from "maximum size of the raw send buffer in bytes" to max_wrapped_size). From [Sasl.RAW_SEND_SIZE doc](http://grepcode.com/file/repository.grepcode.com/java/root/jdk/openjdk/8u40-b25/javax/security/sasl/Sasl.java#151): > The name of a property that specifies the maximum size of the raw send buffer in bytes of SaslClient/SaslServer. The property contains the string representation of an integer. The value of this property is negotiated between the client and server during the authentication exchange. > Apache Drill should support network encryption > ---------------------------------------------- > > Key: DRILL-4335 > URL: https://issues.apache.org/jira/browse/DRILL-4335 > Project: Apache Drill > Issue Type: New Feature > Reporter: Keys Botzum > Assignee: Sorabh Hamirwasia > Labels: security > Attachments: ApacheDrillEncryptionUsingSASLDesign.pdf > > > This is clearly related to Drill-291 but wanted to make explicit that this > needs to include network level encryption and not just authentication. This > is particularly important for the client connection to Drill which will often > be sending passwords in the clear until there is encryption. -- This message was sent by Atlassian JIRA (v6.3.15#6346)