You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@storm.apache.org by "ASF GitHub Bot (JIRA)" <ji...@apache.org> on 2015/10/08 20:42:26 UTC

[jira] [Commented] (STORM-430) (Security) Allow netty SASL to support encryption/decryption

    [ https://issues.apache.org/jira/browse/STORM-430?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14949124#comment-14949124 ] 

ASF GitHub Bot commented on STORM-430:
--------------------------------------

Github user d2r commented on a diff in the pull request:

    https://github.com/apache/storm/pull/250#discussion_r41551583
  
    --- Diff: storm-core/src/jvm/backtype/storm/Config.java ---
    @@ -108,7 +108,15 @@
          */
         public static final String STORM_MESSAGING_NETTY_AUTHENTICATION = "storm.messaging.netty.authentication";
         public static final Object STORM_MESSAGING_NETTY_AUTHENTICATION_SCHEMA = Boolean.class;
    -
    +    
    +    /**
    +     * Netty based messaging: A quality of protection (qop) value is one of "auth" - authentication only, 
    +     * "auth-int" - authentication plus integrity protection, "auth-conf" - authentication plus integrity and confidentiality protection.
    +     * The default qop is "auth".
    +     */
    +    public static final String STORM_MESSAGING_NETTY_PROTECTION = "storm.messaging.netty.protection";
    +    public static final Object STORM_MESSAGING_NETTY_PROTECTION_SCHEMA = String.class;
    --- End diff --
    
    * Is this config intended to be a cluster-wide setting or could it be different for each topology?
    * It would be nice to validate the setting is one of the accepted values beyond being a string.


> (Security) Allow netty SASL to support encryption/decryption
> ------------------------------------------------------------
>
>                 Key: STORM-430
>                 URL: https://issues.apache.org/jira/browse/STORM-430
>             Project: Apache Storm
>          Issue Type: Improvement
>          Components: storm-core
>            Reporter: Robert Joseph Evans
>            Assignee: Raghavendra Nandagopal
>         Attachments: Storm-Netty Secure Layer.pdf
>
>
> SASL provides more then just authentication, it can also provide integraty guarantees.
> as described here http://docs.oracle.com/javase/7/docs/api/javax/security/sasl/Sasl.html#QOP
> and http://docs.oracle.com/javase/7/docs/technotes/guides/security/sasl/sasl-refguide.html
> In order to provide those guarantees encryption is used, and the wrap/unwrap methods for the SaslClient and Server must be used.  It would be great to support this for storm as well, allowing users to configure the level of security they want.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)