Date: Wed, 9 May 2012 18:49:50 +0000 (UTC)
From: "John Vines (JIRA)"
To: dev@accumulo.apache.org
Message-ID: <1438666309.45865.1336589390265.JavaMail.tomcat@hel.zones.apache.org>
Subject: [jira] [Resolved] (ACCUMULO-489) Input Format puts Base64 encoded passwords in Configuration, which is world readable

     [ https://issues.apache.org/jira/browse/ACCUMULO-489?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

John Vines resolved ACCUMULO-489.
---------------------------------

       Resolution: Fixed
    Fix Version/s: 1.5.0

> Input Format puts Base64 encoded passwords in Configuration, which is world readable
> ------------------------------------------------------------------------------------
>
>                 Key: ACCUMULO-489
>                 URL: https://issues.apache.org/jira/browse/ACCUMULO-489
>             Project: Accumulo
>          Issue Type: Improvement
>          Components: client
>    Affects Versions: 1.4.0, 1.3.5
>            Reporter: John Vines
>            Assignee: John Vines
>              Labels: security
>             Fix For: 1.5.0, 1.4.1
>
>
> This has been a known issue, but I think it's about time we address it. When a user sets up a mapreduce, they set their password in the configuration (Base64 encoded). This configuration is world readable, meaning passwords are out there in cleartext. We need a mechanism in place to try to keep this data private.
> In Hadoop 0.20.203, the private distributed cache was implemented. Any file placed in the distributed cache which is not world readable/not in folders world executable automatically gets placed in the private distributed cache. The protection mechanism is simply being in the tasktracker's local directory under a folder for the user with restricted permissions. This should be adequate for protecting a user's Accumulo password. So this should be as simple as checking the set/getPassword functions to utilize this space rather than the configuration.
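
Added example, not part of the original JIRA message and not Accumulo or Hadoop code: it contrasts a Base64 password carried in a world-readable job configuration with a password file kept behind 0700/0600 permissions, and checks each file against the private-cache rule quoted above. Assumptions: the keys example.password and example.password.file and the file name accumulo.pw are hypothetical, a local temporary directory stands in for the staging area, and the rule is read as "private unless the file is world readable and every parent directory is world executable".

```python
import base64
import os
import stat
import tempfile

def recover_from_conf(conf, key):
    """What any reader of a world-readable job configuration gets back."""
    return base64.b64decode(conf[key]).decode("utf-8")

def write_private_password(directory, password):
    """Store the password in a 0600 file inside a 0700 per-user directory."""
    os.makedirs(directory, exist_ok=True)
    os.chmod(directory, 0o700)            # set explicitly; makedirs honours umask
    path = os.path.join(directory, "accumulo.pw")   # hypothetical file name
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    try:
        os.fchmod(fd, 0o600)              # also narrows a pre-existing file
        os.write(fd, password.encode("utf-8"))
    finally:
        os.close(fd)
    return path

def is_private(path, root):
    """False only if the file is o+r and every dir up to `root` is o+x (assumed rule)."""
    if not os.stat(path).st_mode & stat.S_IROTH:
        return True
    root = os.path.realpath(root)
    d = os.path.dirname(os.path.realpath(path))
    while True:
        if not os.stat(d).st_mode & stat.S_IXOTH:
            return True
        if d == root or d == os.path.dirname(d):
            return False
        d = os.path.dirname(d)

def demo():
    password = "constructed-sample-pw"    # constructed value, not a real secret
    base = tempfile.mkdtemp()
    os.chmod(base, 0o755)                 # stands in for a world-traversable staging dir
    # Before: the encoded password travels in the job configuration itself.
    conf = {"example.password": base64.b64encode(password.encode()).decode()}
    job_xml = os.path.join(base, "job.xml")
    with open(job_xml, "w") as f:
        f.write(conf["example.password"])
    os.chmod(job_xml, 0o644)
    # After: the configuration names a file; the secret lives behind 0700/0600.
    pw_file = write_private_password(os.path.join(base, "user"), password)
    fixed_conf = {"example.password.file": pw_file}
    return {"recovered": recover_from_conf(conf, "example.password"), "fixed_conf": fixed_conf,
            "job_xml_private": is_private(job_xml, base), "pw_file_private": is_private(pw_file, base)}
```

Calling demo() returns the password recovered from the "before" configuration together with the private/public verdict for job.xml and for the password file.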