[jira] [Commented] (STORM-430) (Security) Allow netty SASL to support encryption/decryption

Thu, 08 Oct 2015 11:42:42 -0700 

    [ 
https://issues.apache.org/jira/browse/STORM-430?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14949124#comment-14949124
 ] 

ASF GitHub Bot commented on STORM-430:
--------------------------------------

Github user d2r commented on a diff in the pull request:

    https://github.com/apache/storm/pull/250#discussion_r41551583
  
    --- Diff: storm-core/src/jvm/backtype/storm/Config.java ---
    @@ -108,7 +108,15 @@
          */
         public static final String STORM_MESSAGING_NETTY_AUTHENTICATION = 
"storm.messaging.netty.authentication";
         public static final Object STORM_MESSAGING_NETTY_AUTHENTICATION_SCHEMA 
= Boolean.class;
    -
    +    
    +    /**
    +     * Netty based messaging: A quality of protection (qop) value is one 
of "auth" - authentication only, 
    +     * "auth-int" - authentication plus integrity protection, "auth-conf" 
- authentication plus integrity and confidentiality protection.
    +     * The default qop is "auth".
    +     */
    +    public static final String STORM_MESSAGING_NETTY_PROTECTION = 
"storm.messaging.netty.protection";
    +    public static final Object STORM_MESSAGING_NETTY_PROTECTION_SCHEMA = 
String.class;
    --- End diff --
    
    * Is this config intended to be a cluster-wide setting or could it be 
different for each topology?
    * It would be nice to validate the setting is one of the accepted values 
beyond being a string.


> (Security) Allow netty SASL to support encryption/decryption
> ------------------------------------------------------------
>
>                 Key: STORM-430
>                 URL: https://issues.apache.org/jira/browse/STORM-430
>             Project: Apache Storm
>          Issue Type: Improvement
>          Components: storm-core
>            Reporter: Robert Joseph Evans
>            Assignee: Raghavendra Nandagopal
>         Attachments: Storm-Netty Secure Layer.pdf
>
>
> SASL provides more then just authentication, it can also provide integraty 
> guarantees.
> as described here 
> http://docs.oracle.com/javase/7/docs/api/javax/security/sasl/Sasl.html#QOP
> and 
> http://docs.oracle.com/javase/7/docs/technotes/guides/security/sasl/sasl-refguide.html
> In order to provide those guarantees encryption is used, and the wrap/unwrap 
> methods for the SaslClient and Server must be used.  It would be great to 
> support this for storm as well, allowing users to configure the level of 
> security they want.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to