phoenix-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ash N <>
Subject Re: SSL Phoenix
Date Mon, 27 Nov 2017 12:25:12 GMT

Thank you for your comment.

Could you please  point me to any resources around the below statement you

" there are definitely the tools/configuration that exist to provide end to
end data  privacy  "

2.SSL is just not part of that picture :)

Above statement is contrary to my understanding.

Thought SSL enables secure connections.

Input as always is appropriated.


On Nov 26, 2017 8:58 PM, "Josh Elser" <> wrote:

Thanks, Ash. Just to confirm, there are definitely the tools/configuration
that exist to provide end to end data privacy (at rest and in motion). SSL
is just not part of that picture :)

On Nov 24, 2017 12:19, "Ash N" <> wrote:

> Josh,
> Thank you for your quick response.
> The data is sensitive personal data of customers.  Everything needs to be
> encrypted and secure.  In - wire, on-wire, in-motion, at rest, everything.
> Our solution was to use SSL/TLS everywhere.  Our development team reported
> that Phoenix does not support SSL. Therefore this is a big problem.
> Based on the above statements,  if you have additional ideas, I will
> gladly take them,
> if you have additional input please do provide.  I unfortunately have very
> limited to no knowledge on security.  So this becomes a challenge area for
> me.
> Meanwhile,  I will look up the link you have provided and will continue to
> do research on this topic.
> thanks,
> -ash
> On Fri, Nov 24, 2017 at 12:11 PM, Josh Elser <> wrote:
>> Why do you have a hard-requirement on using SSL?
>> HBase itself does not use SSL to provide confidentiality on its wire
>> communication, it relies on jGSS and SASL to implement this security. Under
>> the hood, this actually boils down to using GSSAPI, Kerberos specifically,
>> to implement privacy (e.g. aes256-cts-hmac-sha1-96).
>> Take a look at
>> html#_server_side_configuration_for_secure_operation. Phoenix executes
>> all of its RPCs over HBase RPCs, so if you have HBase set up correctly,
>> Phoenix will follow.
>> If you want to introduce the Phoenix Query Server into your architecture,
>> you can place it behind an SSL/TLS proxy server (or configure PQS directly
>> with SSL/TLS using a sufficiently new version of Phoenix). This would be
>> the only way I know of to "use Phoenix with SSL", but, in my experience,
>> this is rarely what people actually want when they say this ;)
>> Disclaimer: I have no idea how any of this translates to EMR :)
>> On 11/24/17 12:01 PM, Ash N wrote:
>>> Hello All,
>>> Thank you for the great work the team is doing on Phoenix.
>>> Summary :  does Phoenix support SSL connection in Amazon EMR Cluster?
>>> We are running Phoenix on EMR cluster in Amazon. We have a need to
>>> connect to Phoenix over SSL.  I don't see much documentation around this
>>> topic anywhere also I saw a couple of jira tickets that did not provide
>>> enough help or direction on this topic.
>>> If Phoenix does not support SSL connections what are my options?
>>> Starting off six months ago,  we assumed this should not be an issue.
>>> Now we are in big trouble.
>>> All and any help is greatly appreciated.
>>> Thanks
>>> Ash

View raw message