Uploaded image for project: 'Apache NiFi'
  1. Apache NiFi
  2. NIFI-8549

Upgrade MiNiFi default sensitive properties algorithm

Attach filesAttach ScreenshotVotersWatch issueWatchersCreate sub-taskLinkCloneUpdate Comment AuthorReplace String in CommentUpdate Comment VisibilityDelete Comments
    XMLWordPrintableJSON

Details

    • Bug
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • None
    • 1.16.0
    • MiNiFi
    • None

    Description

      • Could we please change the default algorithm for protecting sensitive property values to something stronger than the current selection? I would open a Jira if necessary, but this is one of those things that is really better to do before the first release so users have a backward-compatible config.yml file moving forward. If we change it in a subsequent release, we will need to do significant migration hand-holding. My suggestion would be "PBEWITHSHA256AND256BITAES-CBC-BC” which is significantly stronger, but after trying a few BC options, I continue to get EncryptionExceptions even though I have the JCE unlimited cryptographic strength jurisdiction policy files installed, so this may be a 0.0.2 fix. Is BouncyCastle not enabled by default?

      Attachments

        Activity

          This comment will be Viewable by All Users Viewable by All Users
          Cancel

          People

            exceptionfactory David Handermann
            alopresto Andy LoPresto
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Time Tracking

                Estimated:
                Original Estimate - Not Specified
                Not Specified
                Remaining:
                Remaining Estimate - 0h
                0h
                Logged:
                Time Spent - 50m
                50m

                Slack

                  Issue deployment