You are viewing a plain text version of this content. The canonical link for it is here.

Posted to notifications@accumulo.apache.org by "John Vines (JIRA)" <ji...@apache.org> on 2013/01/26 01:19:12 UTC

[jira] [Resolved] (ACCUMULO-958) Support pluggable encryption in walogs

     [ https://issues.apache.org/jira/browse/ACCUMULO-958?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

John Vines resolved ACCUMULO-958.
---------------------------------

    Resolution: Fixed
      Assignee: Michael Allen  (was: John Vines)

I checked out the patch, and it looked great. Everything ran fine. And with the change in our walogs, it's great we were able to get this into 1.5. I made a few modification to the patch, namely some formatting, adding some deprecation due to the volatile API, and I added an increased replication to the DFS secret key for some more comfort (same thing we do wtih the !METADATA table).

It is set up with a NullCipher by default, so there should be no issues with the logger crypto being an obstruction to debugging.

And the crypto is in the client package and no server because it should be modular enough to be utilized in the modification to the RFile we would like to see done for 1.6
                
> Support pluggable encryption in walogs
> --------------------------------------
>
>                 Key: ACCUMULO-958
>                 URL: https://issues.apache.org/jira/browse/ACCUMULO-958
>             Project: Accumulo
>          Issue Type: Improvement
>          Components: logger
>            Reporter: John Vines
>            Assignee: Michael Allen
>             Fix For: 1.5.0
>
>         Attachments: accumulo-958.diff
>
>
> There are some cases where users want encryption at rest for the walogs. It should be fairly trivial to implement it in such a way to insert a CipherOutputStream into the data path (defaulting to using a NullCipher) and then making the Cipher pluggable to users can insert the appropriate mechanisms for their use case.
> This also means swapping in CipherInputStream and putting in a check to make sure the Cipher type's match at read and write time. Possibly a versioning mechanism so people can migrate Ciphers.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira