aurora-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Kevin Sweeney <kswee...@twitter.com.INVALID>
Subject Re: H2 database admin console
Date Tue, 16 Sep 2014 18:23:30 GMT
To be clear I'm acknowledging the security concerns as real (unprivileged
accounts can usually run ps to see what's running locally, and write access
to this database is essentially root on the whole cluster, so some basic
protection is reasonable).

As far as code burden, the difference between taking a flag and loading a
properties files is relatively small, and we already have precedent for
loading a secrets-filled properties file in DriverFactory.java.

On Tue, Sep 16, 2014 at 10:54 AM, Maxim Khutornenko <maxim@apache.org>
wrote:

> +1 on the command-line approach. There was a bit of a debate around it
> when it was proposed for the framework auth but its simplicity
> outweighed potential security concerns.
>
> On Tue, Sep 16, 2014 at 10:34 AM, Kevin Sweeney <kevints@apache.org>
> wrote:
> > There's precedent to take secrets as a properties file on the
> command-line
> > (-framework_authentication_file), my vote is that we follow that.
> >
> > On Tue, Sep 16, 2014 at 10:17 AM, Joshua Cohen
> <jcohen@twitter.com.invalid>
> > wrote:
> >
> >> Providing the password directly via the command line seems like it
> would be
> >> a security issue (anyone who can `ps` on the box could see the
> password?).
> >> Is there something I'm missing? Would it be possible (and if so, would
> it
> >> be desirable?) to start up the web console as a user who only has read
> >> access to the database? If we're only worried about someone tinkering
> with
> >> the data, but not worried about locking down read access that might be a
> >> cleaner solution.
> >>
> >> On Tue, Sep 16, 2014 at 9:58 AM, Bill Farner <wfarner@apache.org>
> wrote:
> >>
> >> > Since beginning migration of the internal database to H2, i've wanted
> to
> >> > include the H2 web console [1] as a means for debugging the internal
> >> > scheduler state.  If we do that, we need to password-protect the
> database
> >> > to prevent unauthorized tinkering.
> >> >
> >> > Does anybody have a preference for where the scheduler gets that
> >> password?
> >> >  The obvious choices are directly on the command line, or from a file
> >> > referenced on the command line.  However, i'm open to ideas i haven't
> >> > thought of.
> >> >
> >> > [1] http://www.h2database.com/html/quickstart.html#h2_console
> >> > (ignore the windows/launching instructions - we will embed it as a
> >> servlet)
> >> >
> >> >
> >> > -=Bill
> >> >
> >>
>



-- 
Kevin Sweeney
@kts

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message