[jira] [Commented] (ACCUMULO-958) Support pluggable encryption in walogs

Fri, 11 Jan 2013 10:10:16 -0800 

    [ 
https://issues.apache.org/jira/browse/ACCUMULO-958?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13551334#comment-13551334
 ] 

Keith Turner commented on ACCUMULO-958:
---------------------------------------

bq. The cipherstreams simply add a layer between the write and the write to 
DFS, so it's all server side. It should have no impact on dfs' append 
functionality

i know it will not impact dfs's append.  I was wondering if encryptions streams 
support flushing at arbitrary points, such that if the server dies you can 
decrypt everything up to your last succesful flush point.

bq. For the RFiles, we're better off looking at the codec used for the block 
level compression of RFiles.

yeah, you would want to encrypt and compress each block. I was not suggesting 
otherwise.  I am just trying to think about this from a user perspective.  They 
may want to just turn on encryption for accumulo.  Turning on encryption for 
just the writeahead logs would seem like a confusing options to offer users.  
The user may not care how it works with rfiles and walogs, they just want to 
turn on encryption of Accumulo's persisted data.




                
> Support pluggable encryption in walogs
> --------------------------------------
>
>                 Key: ACCUMULO-958
>                 URL: https://issues.apache.org/jira/browse/ACCUMULO-958
>             Project: Accumulo
>          Issue Type: Improvement
>          Components: logger
>            Reporter: John Vines
>            Assignee: John Vines
>             Fix For: 1.5.0
>
>
> There are some cases where users want encryption at rest for the walogs. It 
> should be fairly trivial to implement it in such a way to insert a 
> CipherOutputStream into the data path (defaulting to using a NullCipher) and 
> then making the Cipher pluggable to users can insert the appropriate 
> mechanisms for their use case.
> This also means swapping in CipherInputStream and putting in a check to make 
> sure the Cipher type's match at read and write time. Possibly a versioning 
> mechanism so people can migrate Ciphers.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Reply via email to