You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@kudu.apache.org by "Grant Henke (Jira)" <ji...@apache.org> on 2020/06/02 17:36:01 UTC
[jira] [Updated] (KUDU-1921) Add ability for clients to require
authentication/encryption
[ https://issues.apache.org/jira/browse/KUDU-1921?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Grant Henke updated KUDU-1921:
------------------------------
Labels: roadmap-candidate (was: )
> Add ability for clients to require authentication/encryption
> ------------------------------------------------------------
>
> Key: KUDU-1921
> URL: https://issues.apache.org/jira/browse/KUDU-1921
> Project: Kudu
> Issue Type: Improvement
> Components: client, security
> Affects Versions: 1.3.0
> Reporter: Todd Lipcon
> Assignee: Attila Bukor
> Priority: Critical
> Labels: roadmap-candidate
>
> Currently, the clients always operate in "optional" mode for authentication and encryption. This means that they are vulnerable to downgrade attacks by a MITM. We should provide APIs so that clients can be configured to prohibit downgrade when connecting to clusters they know to be secure.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)