accumulo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "John Vines (Created) (JIRA)" <j...@apache.org>
Subject [jira] [Created] (ACCUMULO-489) Input Format puts Base64 encoded passwords in Configuration, which is world readable
Date Thu, 22 Mar 2012 17:52:22 GMT
Input Format puts Base64 encoded passwords in Configuration, which is world readable
------------------------------------------------------------------------------------

                 Key: ACCUMULO-489
                 URL: https://issues.apache.org/jira/browse/ACCUMULO-489
             Project: Accumulo
          Issue Type: Improvement
          Components: client
    Affects Versions: 1.3.5, 1.4.0
            Reporter: John Vines
            Assignee: John Vines
             Fix For: 1.4.1


This has been a known issue, but I think it's about time we address it. Whena  user sets up
a mapreduce, they set their password in the configuration (Base64 encoded). This configuration
is world readable, meaning passwords are out there in cleartext. We need a mechanism in place
to try to keep this data private.

In hadoop 0.20.203, the private distributed cache was implemented. Any file placed in the
distributed cache which is not world readable/not in folders world executable automatically
get placed in the private distributed cache. The protection mechanism is simply being in the
tasktracker's local directory under a folder for the user with restricted permissions. This
should be adequate for protecting a users Accumulo password. So this should be as simple as
checking the set/getPassword functions to utilize this space rather than the configuration.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

Mime
View raw message