ambari-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Sandor Molnar (JIRA)" <j...@apache.org>
Subject [jira] [Comment Edited] (AMBARI-22571) Handle passwords/sensitive data in Ambari configuration properties
Date Fri, 01 Dec 2017 15:05:00 GMT

    [ https://issues.apache.org/jira/browse/AMBARI-22571?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16274483#comment-16274483
] 

Sandor Molnar edited comment on AMBARI-22571 at 12/1/17 3:04 PM:
-----------------------------------------------------------------

[~rlevas]

Thanks for this hint.

I've the following questions:
* When you say 'hide' do you mean replacing the content with * characters let's say or do
you mean to actually not show (cut out) that name/value pair?
* What kind of data do we consider sensitive? Only passwords? If not, could you please give
me a hint?
* Is it a valid assumption that we do want to do this on any level (i.e. we hide passwords
on all layers for any services)?

Thanks.


was (Author: smolnar):
[~rlevas]

Thanks for this hint.

I've the following questions:
* When you say 'hide' do you mean replacing the content with * characters let's say or do
you mean to actually not show (cut out) that name/value pair?
* What kind of data do we consider sensitive? Only passwords? If not, could you please give
me a hint?
* Is it a valid assumption that we do want to do this on any level (i.e. we hide passwords
on all layers for any services)?

Thanks.

> Handle passwords/sensitive data in Ambari configuration properties
> ------------------------------------------------------------------
>
>                 Key: AMBARI-22571
>                 URL: https://issues.apache.org/jira/browse/AMBARI-22571
>             Project: Ambari
>          Issue Type: Task
>          Components: ambari-server
>            Reporter: Sandor Molnar
>            Assignee: Sandor Molnar
>            Priority: Minor
>              Labels: config, security
>             Fix For: trunk
>
>
> Passwords and other sensitive data stored as values to properties in Ambari configurations
need to be masked or not stored in cleartext.
> For example, {{ldap-configuration/ambari.ldap.connectivity.trust_store.password}} and
ldap-{{configuration/ambari.ldap.connectivity.bind_password}}.
> If the Ambari credential store is enabled (which might be by default as of Ambari 3.0.0),
the sensitive date can be stored there like we do when sensitive data is to be stored in the
ambari.properties file - see {{org.apache.ambari.server.security.encryption.CredentialStoreService}}.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

Mime
View raw message