hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Benoy Antony (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HADOOP-10428) JavaKeyStoreProvider should accept keystore password via configuration falling back to ENV VAR
Date Fri, 04 Apr 2014 16:56:21 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-10428?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13960123#comment-13960123
] 

Benoy Antony commented on HADOOP-10428:
---------------------------------------

1. Instead of reading the password to a _String_,  it is more secure to read it directly to
a  character array. Note that you will eventually convert this to a character array.
2. Note that there is normally a one to one correspondence between URI ( keystore location)
 and  its password. But this class supports only one password for all keystore URIs. So there
is a mismatch in cardinality between URI and password. I believe , the URI or a string derived
from it should be used in obtaining  password.

BTW , the above concerns may not be the scope of this jira. If so, please indicate and I can
file another jira to take care of them.


> 	JavaKeyStoreProvider should accept keystore password via configuration falling back
to ENV VAR
> -----------------------------------------------------------------------------------------------
>
>                 Key: HADOOP-10428
>                 URL: https://issues.apache.org/jira/browse/HADOOP-10428
>             Project: Hadoop Common
>          Issue Type: Improvement
>          Components: security
>    Affects Versions: 3.0.0
>            Reporter: Alejandro Abdelnur
>            Assignee: Alejandro Abdelnur
>         Attachments: HADOOP-10428.patch, HADOOP-10428.patch, HADOOP-10428.patch
>
>
> Currently the password for the {{JavaKeyStoreProvider}} must be set in an ENV VAR.
> Allowing the password to be set via configuration enables applications to interactively
ask for the password before initializing the {{JavaKeyStoreProvider}}.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

Mime
View raw message