You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@phoenix.apache.org by "Josh Elser (JIRA)" <ji...@apache.org> on 2016/07/05 22:30:11 UTC

[jira] [Created] (PHOENIX-3048) Wire up HTTP Basic/Digest authentication from Avatica into PQS

Josh Elser created PHOENIX-3048:
-----------------------------------

             Summary: Wire up HTTP Basic/Digest authentication from Avatica into PQS
                 Key: PHOENIX-3048
                 URL: https://issues.apache.org/jira/browse/PHOENIX-3048
             Project: Phoenix
          Issue Type: Improvement
            Reporter: Josh Elser
            Assignee: Josh Elser
             Fix For: 4.9.0


Had an ask last week about exposing the HTTP Basic and Digest authentication I put into Avatica 1.8.0.

I avoided wiring it up because the Jetty-based configuration file properties aren't really a desirable solution for any security-minded organization (we need some integration with an external credentials management system, not a bunch of plain-text files laying around).

However, until we get to that point, there may be some extra value seen in some simple username-password authentication that PQS can assert for cases when Kerberos isn't desirable (even with the flat-file approach).

The trickiest part, I think, will just be getting the password sent around securely. I've been playing with a mock-up of this today. Will put up a prelim patch shortly.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)