You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@accumulo.apache.org by "Sean Busbey (JIRA)" <ji...@apache.org> on 2014/04/22 18:40:15 UTC
[jira] [Reopened] (ACCUMULO-2713) Instance secret written out with
other configuration items to RFiles and WALogs when encryption is turned on
[ https://issues.apache.org/jira/browse/ACCUMULO-2713?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Sean Busbey reopened ACCUMULO-2713:
-----------------------------------
* If this also leaked in the WAL, we should check in both the RFile test and the WALog test
* per Christopher's suggestion, we should expand to keep out all annotated Sensitive properties
> Instance secret written out with other configuration items to RFiles and WALogs when encryption is turned on
> ------------------------------------------------------------------------------------------------------------
>
> Key: ACCUMULO-2713
> URL: https://issues.apache.org/jira/browse/ACCUMULO-2713
> Project: Accumulo
> Issue Type: Bug
> Affects Versions: 1.5.1
> Reporter: Michael Allen
> Assignee: John Vines
> Priority: Blocker
> Labels: WAL, encryption, rfile
> Fix For: 1.6.0
>
> Attachments: Dont-write-instance-secret-to-RFiles.patch
>
>
> The encryption at rest feature records configuration information in order to encrypted RFiles and WALogs so that if the configuration changes, the files can be read back. The code that does this recording hovers up all the "instance.*" entries, and does not pick out the instance.secret as a special one not to write. Thus the instance secret goes into each file in the clear, which is non-ideal to say the least.
> Patch forthcoming.
--
This message was sent by Atlassian JIRA
(v6.2#6252)