ambari-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Charles Llewellyn (JIRA)" <j...@apache.org>
Subject [jira] [Created] (AMBARI-10192) Encrypt all passwords
Date Tue, 24 Mar 2015 14:35:03 GMT
Charles Llewellyn created AMBARI-10192:
------------------------------------------

             Summary: Encrypt all passwords
                 Key: AMBARI-10192
                 URL: https://issues.apache.org/jira/browse/AMBARI-10192
             Project: Ambari
          Issue Type: Improvement
          Components: ambari-web
    Affects Versions: 1.6.1
            Reporter: Charles Llewellyn
            Priority: Minor


Hi,

We recently had a pen test conducted against Ambari. One of the issues highlighted was being
able to return the Nagios password in clear text via the API. Is it possible to encrypt the
password to prevent this behavior?

Thanks

Charlie



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message