[jira] [Commented] (DRILL-4335) Apache Drill should support network encryption

Fri, 05 May 2017 09:42:45 -0700 

    [ 
https://issues.apache.org/jira/browse/DRILL-4335?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15998551#comment-15998551
 ] 

ASF GitHub Bot commented on DRILL-4335:
---------------------------------------

Github user sudheeshkatkam commented on a diff in the pull request:

    https://github.com/apache/drill/pull/773#discussion_r114895578
  
    --- Diff: 
exec/java-exec/src/main/java/org/apache/drill/exec/rpc/BitConnectionConfig.java 
---
    @@ -46,16 +47,34 @@ protected BitConnectionConfig(BufferAllocator 
allocator, BootStrapContext contex
         super(allocator, context);
     
         final DrillConfig config = context.getConfig();
    +    final AuthenticatorProvider authProvider = getAuthProvider();
    +
         if (config.getBoolean(ExecConstants.BIT_AUTHENTICATION_ENABLED)) {
           this.authMechanismToUse = 
config.getString(ExecConstants.BIT_AUTHENTICATION_MECHANISM);
           try {
    -        getAuthProvider().getAuthenticatorFactory(authMechanismToUse);
    +        authProvider.getAuthenticatorFactory(authMechanismToUse);
           } catch (final SaslException e) {
             throw new DrillbitStartupException(String.format(
                 "'%s' mechanism not found for bit-to-bit authentication. 
Please check authentication configuration.",
                 authMechanismToUse));
           }
    -      logger.info("Configured bit-to-bit connections to require 
authentication using: {}", authMechanismToUse);
    +
    +      // Update encryption related configurations
    +      
encryptionContext.setEncryption(config.getBoolean(ExecConstants.BIT_ENCRYPTION_SASL_ENABLED));
    +      final int maxWrappedSize = 
config.getInt(ExecConstants.BIT_ENCRYPTION_SASL_MAX_WRAPPED_SIZE);
    +
    +      if (maxWrappedSize <= 0 || maxWrappedSize > 
RpcConstants.MAX_WRAPPED_SIZE) {
    +        throw new DrillbitStartupException("Invalid value configured for 
bit.encryption.sasl.encodesize." +
    --- End diff --
    
    encodesize -> max_wrapped_size


> Apache Drill should support network encryption
> ----------------------------------------------
>
>                 Key: DRILL-4335
>                 URL: https://issues.apache.org/jira/browse/DRILL-4335
>             Project: Apache Drill
>          Issue Type: New Feature
>            Reporter: Keys Botzum
>            Assignee: Sorabh Hamirwasia
>              Labels: security
>         Attachments: ApacheDrillEncryptionUsingSASLDesign.pdf
>
>
> This is clearly related to Drill-291 but wanted to make explicit that this 
> needs to include network level encryption and not just authentication. This 
> is particularly important for the client connection to Drill which will often 
> be sending passwords in the clear until there is encryption.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

Reply via email to