[
https://issues.apache.org/jira/browse/AVRO-2868?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17755873#comment-17755873
]
Christophe Le Saec commented on AVRO-2868:
------------------------------------------
Could encryption / decryption be viewed like compression/decompression Codec;
used by DataFileStream ?
Except method name, it seems to be also convenient for encryption/decryption
{code:java}
/** Compresses the input data */
public abstract ByteBuffer compress(ByteBuffer uncompressedData) throws
IOException;
/** Decompress the data */
public abstract ByteBuffer decompress(ByteBuffer compressedData) throws
IOException;
{code}
We could also add a "ComposedCodec" that can chain a compress codec and then an
encryption one.
> Introduce serialization finalizer hook
> --------------------------------------
>
> Key: AVRO-2868
> URL: https://issues.apache.org/jira/browse/AVRO-2868
> Project: Apache Avro
> Issue Type: Improvement
> Components: java
> Affects Versions: 1.8.2
> Reporter: enrico agnoli
> Priority: Major
> Attachments: release-1.8.2_avroWithEncryptionSupport.diff
>
>
> I would like to make a proposal change to AVRO to allow services to integrate
> some logic after serialization and before deserialization.
> We use AVRO to support the data serialization in our streaming infrastructure
> and we decided to extend it to provide us the possibility to encrypt the data
> with info available directly on the data itself: the owner of it.
> The change-set is pretty small and I would like to hear from you if it makes
> sense to contribute it back to the project.
>
> * == The problem is:*
> Multi-tenants applications have the need to encrypt data (with the keys of
> the owner/tenant that generated that piece of data) every time it is
> serialized to avoid commingling of different tenant data. To do so,
> transparently to the application, the ideal place to implement the encryption
> it is in the serialization library (AVRO).
>
> * == Proposal:*
> We modified the AVRO code to have afterSerialization and
> beforeDeserialization hooks that can use object defined values (the
> tenant/owner of that data) to implement encryption.
> In the code we propose to submit we implemented a new interface:
> `SerializeFinalizationDelegate.java`
> {noformat}
> public interface SerializeFinalizationDelegate
> {
> void afterSerialization(ByteArrayOutputStream serializedData, Encoder
> finalEncoder);
> Decoder beforeDeserialization(Decoder dataToDecode);
> }
> {noformat}
> That needs to be implemented by any AVRO serializable class that wants to
> define a post-serialization or pre-deserialization logic.
> `GenericDatumWriter` and `GenericDatumReader` are modified to delegate to the
> object implementation of the methods above.
>
> More info can be found at
> [https://www.slideshare.net/FlinkForward/multi-tenanted-streams-workday-enrico-agnoli-leire-fernandez-de-retana-roitegui-workday-185815223]
> from slide 21
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
