hadoop-common-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Wei-Chiu Chuang (JIRA)" <j...@apache.org>
Subject [jira] [Created] (HADOOP-15325) Add an option to make Configuration.getPassword() not to fallback to read passwords from configuration.
Date Mon, 19 Mar 2018 16:47:00 GMT
Wei-Chiu Chuang created HADOOP-15325:
----------------------------------------

             Summary: Add an option to make Configuration.getPassword() not to fallback to
read passwords from configuration.
                 Key: HADOOP-15325
                 URL: https://issues.apache.org/jira/browse/HADOOP-15325
             Project: Hadoop Common
          Issue Type: Improvement
          Components: conf
    Affects Versions: 2.6.0
            Reporter: Wei-Chiu Chuang
            Assignee: Wei-Chiu Chuang


HADOOP-10607 added a public API Configuration.getPassword() which reads passwords from credential
provider and then falls back to reading from configuration if one is not available.

This API has been used throughout Hadoop codebase and downstream applications. It is understandable
for old password configuration keys to fallback to configuration to maintain backward compatibility.
But for new configuration passwords that don't have legacy, there should be an option to _not_ fallback,
because storing passwords in configuration is considered a bad security practice.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: common-dev-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-dev-help@hadoop.apache.org


Mime
View raw message