great, thanks!
On Wed, Jul 23, 2014 at 3:25 PM, Derek Dagit <der...@yahoo-inc.com> wrote: > In the security branch of storm, worker-worker communication are encrypted > (blowfish) with a shared secret. > > STORM-348 will add authentication to worker-worker. > > For thrift (nimbus & drpc), the security branch has SASL/kerberos > authentication, and you should be able to configure encryption via SASL as > well. We have not tried enabling encryption with SASL. > -- > Derek > > > On 7/23/14, 14:05, Isaac Councill wrote: > >> Hi, >> >> I've been working with storm on mesos but I need to make sure all workers >> are messaging over SSL since streams may contain sensitive information for >> almost all of my use cases. >> >> stunnel seems like a viable option but I dislike having complex port >> forwarding arrangements and would prefer code to config in this case. >> >> As an exercise to see how much work it would be, I forked storm and >> modified the storm-netty package to use SSL with the existing nio. Not so >> bad, and lein tests pass. >> >> Still wrapping my head around the storm codebase. Would using my modified >> storm-netty Context as storm.messaging.transport be enough to ensure >> streams are encrypted, or would I need to also attack the thrift transport >> plugin? >> >> Also, is anyone else interested in locking storm down with SSL? >> >>
