Home | About | Sematext search-lucene.com search-hadoop.com
 Search Hadoop and all its subprojects:

Switch to Threaded View
Accumulo >> mail # dev >> ACCUMULO-958 - Pluggable encryption in walogs

Copy link to this message
Re: ACCUMULO-958 - Pluggable encryption in walogs

Mike Allen is still working on ACCUMULO-958, and will have an updated patch
in the next couple of weeks. We were hoping to get the more complete
encryption strategy into 1.5, but were not able to complete it by feature
freeze. However, the WAL encryption as is, when configured with the default
settings, should be no harm to 1.5 -- there's no reason to pull it out or
get concerned about it. We just can't advertise it as a feature of 1.5.
This is one of the reasons why some of the methods are marked as deprecated.

The more complete encryption story, which should be in place for the 1.6
release, should be discussed in ACCUMULO-998.


On Wed, Jan 30, 2013 at 9:13 AM, Josh Elser <[EMAIL PROTECTED]> wrote:

> All,
> It's been a few days and I haven't seen much chatter at all on
> ACCUMULO-958 [1] since the patch was applied. There are a couple of
> concerns I have that I definitely want to see addressed before a 1.5.0
> release.
> - It worries me that the provided patch is fail-open (when we can't load
> the configured encryption strategies/modules, we don't decrypt anything. I
> think for a security-minded database, we should probably be defaulting to
> fail-close; but, that brings up an issue, what happens when we can't
> encrypt a WAL? Do minor compactions fail gracefully? What does Accumulo do?
> - John said he had been reviewing the patch before he applied it; it
> bothers me that there was a version of this patch that had been reviewed
> privately for some amount of time when we had already pushed back the
> feature freeze date by a week waiting for features that weren't done.
> - The author noted himself with the deprecation of the CryptoModule
> interface that "we anticipate changing [this] in non-backwards compatible
> ways as we explore requirements for encryption in Accumulo...". This tells
> me that implementation of WAL encryption overall hasn't been properly
> thought out.
> Given all of this, it gives me great pause to knowingly include this patch
> into a 1.5.0 release. I see no signs that this has been truly thought out,
> there is no default provided encryption strategy for 1.5.0 with this patch
> for the WAL and there is still no support at all for RFile encryption (no
> end-to-end Accumulo encryption for a user). All of these issues considered
> make me believe that this is an incomplete feature that is not ready for an
> Apache Accumulo release.
> Thoughts?
> - Josh
> [1] https://issues.apache.org/**jira/browse/ACCUMULO-958<https://issues.apache.org/jira/browse/ACCUMULO-958>