Uploaded image for project: 'HPCC'
  1. HPCC
  2. HPCC-10024

Encrypt network traffic between all MP clients and Thor sort sockets

    XMLWordPrintable

Details

    • New Feature
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • None
    • 8.2.0
    • Dali

    Description

      Currently, Dali clients that access ~foreign:: files in other environments, do so by effectively redirecting the username and password credentials over an insecure socket to the remote Dali.
      The credentials are encrypted, but it's security by obscurity and can be thwarted by knowing the code that encrypts.

      Client (including the local Dali) should be able to make a secure connection to the remote Dali using SSH.

      This will ensure the credentials as well as all meta info are encrypted between the two environments.

      richardkchapmanrusswhiteheadafishbeckghallidaystuartort

      There should be a Dali configuration option to only accept secure connections.

      Ideally the SSL connectivity would be implemented such that components could switch to using it relatively seamlessly, e.g. a implementation of ISocket.
      In fact we already have ISecureSocket which is a derivative, however it is only partially implemented.
      For Dali connectivity, MP would need to support SSL also.

      Attachments

        Issue Links

          is duplicated by

          Sub-task - The sub-task of the issue HPCC-13568 Encryption in transit for thor

          • Major - Major loss of function.
          • Resolved

          Improvement - An improvement or enhancement to an existing feature or task. HPCC-10002 Investigate how to create a SSH connection between clients and Dali

          • Not specified - Priority has not been specified
          • Resolved
          relates to

          New Feature - A new feature of the product, which has yet to be developed. HPCC-12140 Encryption of data in transit and at rest

          • Major - Major loss of function.
          • Accepted

          Improvement - An improvement or enhancement to an existing feature or task. HPCC-25875 Roxie toposerver TLS support

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Accepted

          Bug - A problem which impairs or prevents the functions of the product. HPCC-10739 Publish with remote dali needs username and password field

          • Not specified - Priority has not been specified
          • Resolved

          Regression - A problem introduced by a previous change, which has not been included in any released version. HPCC-26078 ISocket leak regression in Thor global sort

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Resolved

          Activity

            People

              mckellyln Mark Kelly
              jakesmith Jake Smith
              Votes:
              0 Vote for this issue
              Watchers:
              6 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: