[ https://issues.apache.org/jira/browse/STORM-430?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14949124#comment-14949124 ]
ASF GitHub Bot commented on STORM-430: -------------------------------------- Github user d2r commented on a diff in the pull request: https://github.com/apache/storm/pull/250#discussion_r41551583 --- Diff: storm-core/src/jvm/backtype/storm/Config.java --- @@ -108,7 +108,15 @@ */ public static final String STORM_MESSAGING_NETTY_AUTHENTICATION = "storm.messaging.netty.authentication"; public static final Object STORM_MESSAGING_NETTY_AUTHENTICATION_SCHEMA = Boolean.class; - + + /** + * Netty based messaging: A quality of protection (qop) value is one of "auth" - authentication only, + * "auth-int" - authentication plus integrity protection, "auth-conf" - authentication plus integrity and confidentiality protection. + * The default qop is "auth". + */ + public static final String STORM_MESSAGING_NETTY_PROTECTION = "storm.messaging.netty.protection"; + public static final Object STORM_MESSAGING_NETTY_PROTECTION_SCHEMA = String.class; --- End diff -- * Is this config intended to be a cluster-wide setting or could it be different for each topology? * It would be nice to validate the setting is one of the accepted values beyond being a string. > (Security) Allow netty SASL to support encryption/decryption > ------------------------------------------------------------ > > Key: STORM-430 > URL: https://issues.apache.org/jira/browse/STORM-430 > Project: Apache Storm > Issue Type: Improvement > Components: storm-core > Reporter: Robert Joseph Evans > Assignee: Raghavendra Nandagopal > Attachments: Storm-Netty Secure Layer.pdf > > > SASL provides more then just authentication, it can also provide integraty > guarantees. > as described here > http://docs.oracle.com/javase/7/docs/api/javax/security/sasl/Sasl.html#QOP > and > http://docs.oracle.com/javase/7/docs/technotes/guides/security/sasl/sasl-refguide.html > In order to provide those guarantees encryption is used, and the wrap/unwrap > methods for the SaslClient and Server must be used. It would be great to > support this for storm as well, allowing users to configure the level of > security they want. -- This message was sent by Atlassian JIRA (v6.3.4#6332)