  1. Pentaho Data Integration - Kettle
  2. PDI-6170

As an Administrator, I want to avoid a JVM dump or define in memory encryption of data

    Details

    • Type: New Feature
    • Status: Open
    • Severity: Medium
    • Resolution: Unresolved
    • Affects Version/s: 4.1.2
    • Fix Version/s: Not Planned
    • Component/s: API

      Description

      Use case is for security reasons, avoid dumping the JVM memory etc.

      Ideas:

      • We may think of a new storage type, delete temporarily unencrypted objects after their usage, eventually involve GC.
      • Or even think of a pluggable data policy on the row level (e.g. a custom plug-in checks, at first time of object creation, if this field (e.g. defined by the field name or other criteria defined by the custom plug-in) is defined as sensitive data and needs to be encrypted).


          Activity

          mcasters Matt Casters added a comment - - edited

          I don't even know what all this means. In general a user either has access to the VM or not. If access is possible there is no telling what you can do.
          That's simply the end of the story. There are no work-arounds or whatever to make that any harder.
          In-memory encryption is no use if the decryption algorithm is somewhere available to the VM.

          mbatchelor Marc Batchelor added a comment -

          My research shows that the only way to protect yourself from people examining a heap dump is to prevent heap dumps:

          1- -XX:HeapDumpPath=/dev/null

          2- In *nix systems, you can disable all core dumps (not java specific) with (the -H is a hard limit):
          ulimit -c -H 0
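Added example (not part of the original comments or of Pentaho's code): a shell check for the two settings named in the comment above, run here on constructed sample data. The function names and the SAMPLE_* values are assumptions for illustration, and the `/proc` layout is Linux's.

```shell
#!/bin/sh
# Added example: function names and SAMPLE_* data are constructed.

# Succeeds only when the *hard* core-size limit is 0. $1 is the text of
# /proc/<pid>/limits (columns: name, soft limit, hard limit, units).
core_hard_limit_zero() {
    printf '%s\n' "$1" | awk '
        /^Max core file size/ { found = 1; hard = $(NF - 1) }
        END { exit !(found && hard == "0") }'
}

# Prints the -XX:HeapDumpPath value from JVM arguments given one per line.
# Assumption: when the flag is repeated, the last occurrence is effective.
heap_dump_path() {
    printf '%s\n' "$1" | sed -n 's/^-XX:HeapDumpPath=//p' | tail -n 1
}

# Prints one line per finding; the return status is the number of findings.
audit_jvm() {
    findings=0
    if ! core_hard_limit_zero "$1"; then
        echo "FINDING: core dumps not hard-disabled (want: ulimit -c -H 0)"
        findings=$((findings + 1))
    fi
    path=$(heap_dump_path "$2")
    if [ "$path" != "/dev/null" ]; then
        echo "FINDING: HeapDumpPath is '${path:-unset}' (want: /dev/null)"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Linux only: audit a live process. Flags supplied outside the command line
# (for example through an environment variable) are not visible here.
audit_pid() {
    audit_jvm "$(cat "/proc/$1/limits")" "$(tr '\0' '\n' < "/proc/$1/cmdline")"
}

# Constructed samples. WEAK has a soft limit of 0 but an unlimited hard
# limit, so the process could still raise the limit again.
SAMPLE_LIMITS_WEAK='Limit                     Soft Limit           Hard Limit           Units
Max core file size        0                    unlimited            bytes'
SAMPLE_LIMITS_HARD='Limit                     Soft Limit           Hard Limit           Units
Max core file size        0                    0                    bytes'
SAMPLE_ARGS_WEAK='java
-Xmx512m'
SAMPLE_ARGS_HARD='java
-XX:HeapDumpPath=/dev/null'
audit_jvm "$SAMPLE_LIMITS_WEAK" "$SAMPLE_ARGS_WEAK" || echo "findings: $?"
```
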

          jbleuel Jens Bleuel added a comment -

          See also http://wiki.pentaho.com/display/EAI/Security+Considerations+and+Encryption+with+Kettle

            People

            • Assignee:
              Unassigned
              Reporter:
              jbleuel Jens Bleuel