mesos-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Till Toenshoff (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (MESOS-7292) Introduce a "sensitive mode" in Mesos which prevents leaks of sensitive data.
Date Wed, 24 Jan 2018 23:56:00 GMT

    [ https://issues.apache.org/jira/browse/MESOS-7292?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16338447#comment-16338447
] 

Till Toenshoff commented on MESOS-7292:
---------------------------------------

I have linked another environment handling improvement story as they could possibly be solved
in one go. 

> Introduce a "sensitive mode" in Mesos which prevents leaks of sensitive data.
> -----------------------------------------------------------------------------
>
>                 Key: MESOS-7292
>                 URL: https://issues.apache.org/jira/browse/MESOS-7292
>             Project: Mesos
>          Issue Type: Improvement
>          Components: security
>            Reporter: Alexander Rukletsov
>            Priority: Major
>              Labels: debugging, mesosphere, newbie++, security
>
> Consider a following scenario. A user passes some sensitive data in an environment variable
to a task. These data may be logged by Mesos components, e.g., executor as part of {{mesos-containerizer}}
invocation. While this is useful for debugging, this might be an issue in some production
environments.
> One of the solution is to have global "sensitive mode", that turns off logging of such
sensitive data.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Mime
View raw message