Encryption without proper key management only addresses the 'stolen
hard drive' problem.
So far I have not found 100% satisfactory solutions to this hard
problem. I've written OSS (Open Secret Server) partly to address this
problem in Pig, i.e. accessing encrypted data without embedding key
info into the job description file. Proper encrypted data handling
implies striict code review though, as in the case of Pig databags are
spillable and you could end up with unencrypted data stored on disk
OSS http://github.com/hbs/oss and the Pig specific code:
On Tue, Feb 26, 2013 at 6:33 AM, Seonyeong Bak <[EMAIL PROTECTED]> wrote:
> I didn't handle a key distribution problem because I thought that this
> problem is more difficult.
> I simply hardcode a key into the code.
> A challenge related to security are handled in HADOOP-9331, MAPREDUCE-5025,
> and so on.