[jira] [Commented] (ACCUMULO-1009) Support encryption over the wire

Mon, 09 Sep 2013 15:20:03 -0700 

    [ 
https://issues.apache.org/jira/browse/ACCUMULO-1009?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13762354#comment-13762354
 ] 

Michael Berman commented on ACCUMULO-1009:
------------------------------------------

WRT JSSE config, I wouldn't feel great about making the JSSE system properties 
be the only way to configure the accumulo client's SSL settings.  It's JVM 
global, and accumulo clients may well make connections to multiple services or 
provide their own SSL server.  Especially since I'm imagining the most common 
deployment will involve private roots, it seems overly restrictive to require 
the accumulo SSL config to be identical to the SSL config used across the 
entire client app.  However, I do think it makes sense to optionally tell 
accumulo to use the JSSE config.  I'll add that option.

I'm working on separating AccumuloConfiguration from ClientConfiguration now, 
but they will have to cross paths at some point in the codebase, since accumulo 
services need to be able to make thrift connections to other accumulo services, 
and they will ultimately get their config from AccumuloConfiguration.  Do you 
think it would make sense to have AccumuloConfiguration.getClientConfig()?  
Then, if we're in a context that does have an AccumuloConfiguration, we can 
access common code for creating connections, while contexts like 
ZooKeeperInstance need not know anything about it.
                
> Support encryption over the wire
> --------------------------------
>
>                 Key: ACCUMULO-1009
>                 URL: https://issues.apache.org/jira/browse/ACCUMULO-1009
>             Project: Accumulo
>          Issue Type: New Feature
>            Reporter: Keith Turner
>            Assignee: Michael Berman
>             Fix For: 1.6.0
>
>         Attachments: ACCUMULO-1009_thriftSsl.patch
>
>
> Need to support encryption between ACCUMULO clients and servers.  Also need 
> to encrypt communications between server and servers.   
> Basically need to make it possible for users to enable SSL+thrift.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Reply via email to