hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Wei-Chiu Chuang (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (HADOOP-15325) Add an option to make Configuration.getPassword() not to fallback to read passwords from configuration.
Date Tue, 20 Mar 2018 18:05:00 GMT

     [ https://issues.apache.org/jira/browse/HADOOP-15325?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Wei-Chiu Chuang updated HADOOP-15325:
-------------------------------------
    Attachment:     (was: HADOOP-15325.001.patch)

> Add an option to make Configuration.getPassword() not to fallback to read passwords from
configuration.
> -------------------------------------------------------------------------------------------------------
>
>                 Key: HADOOP-15325
>                 URL: https://issues.apache.org/jira/browse/HADOOP-15325
>             Project: Hadoop Common
>          Issue Type: Improvement
>          Components: conf
>    Affects Versions: 2.6.0
>            Reporter: Wei-Chiu Chuang
>            Assignee: Wei-Chiu Chuang
>            Priority: Major
>
> HADOOP-10607 added a public API Configuration.getPassword() which reads passwords from
credential provider and then falls back to reading from configuration if one is not available.
> This API has been used throughout Hadoop codebase and downstream applications. It is
understandable for old password configuration keys to fallback to configuration to maintain
backward compatibility. But for new configuration passwords that don't have legacy, there
should be an option to _not_ fallback, because storing passwords in configuration is considered
a bad security practice.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-issues-help@hadoop.apache.org


Mime
View raw message