ambari-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Sumit Mohanty (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (AMBARI-2397) Unencrypted master key stored in temporary file
Date Tue, 18 Jun 2013 15:26:20 GMT

    [ https://issues.apache.org/jira/browse/AMBARI-2397?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13686823#comment-13686823
] 

Sumit Mohanty commented on AMBARI-2397:
---------------------------------------

Will this log the actual password or an encrypted one - in any case, do we need these log?
-480,6 +479,7 @@ public class Configuration {
LOG.info("password=>"+dbpasswd);

@@ -117,6 +117,7 @@ public class MasterKeyServiceImpl implements MasterKeyService {
+      LOG.debug("Master Key initialized: " + masterKey);

We can delete the IOException catch.
             } catch (IOException e) {
               LOG.error("Cannot read master key from file: " + keyPath);
               e.printStackTrace();
+            } catch (Exception e) {
+              LOG.error("Cannot read master key from file: " + keyPath);
+              e.printStackTrace();





                
> Unencrypted master key stored in temporary file
> -----------------------------------------------
>
>                 Key: AMBARI-2397
>                 URL: https://issues.apache.org/jira/browse/AMBARI-2397
>             Project: Ambari
>          Issue Type: Bug
>          Components: controller
>    Affects Versions: 1.2.5
>            Reporter: Siddharth Wagle
>            Assignee: Siddharth Wagle
>             Fix For: 1.2.5
>
>         Attachments: AMBARI-2397.patch
>
>
> Master key in secure mode, when not persisted is passed between python process and JVM
using temporary files. The key itself is stored in clear text and should be encrypted.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message