[jira] [Commented] (AIRFLOW-3165) Document use of interpolation by ConfigParser

Sat, 06 Oct 2018 13:53:03 -0700 


    [ 
https://issues.apache.org/jira/browse/AIRFLOW-3165?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16640870#comment-16640870
 ] 

ASF GitHub Bot commented on AIRFLOW-3165:
-----------------------------------------

kaxil closed pull request #4007: [AIRFLOW-3165] Document interpolation of '%' 
and warn
URL: https://github.com/apache/incubator-airflow/pull/4007
 
 
   

This is a PR merged from a forked repository.
As GitHub hides the original diff on merge, it is displayed below for
the sake of provenance:

As this is a foreign pull request (from a fork), the diff is supplied
below (as it won't show otherwise due to GitHub magic):

diff --git a/docs/security.rst b/docs/security.rst
index 23f7cc0303..9f6740d041 100644
--- a/docs/security.rst
+++ b/docs/security.rst
@@ -10,6 +10,12 @@ backends or creating your own.
 
 Be sure to checkout :doc:`api` for securing the API.
 
+.. note::
+
+   Airflow uses the config parser of Python. This config parser interpolates 
'%'-signs.
+   Make sure not to have those in your passwords if they do not make sense, 
otherwise
+   Airflow might leak these passwords on a config parser exception to a log.
+
 Web Authentication
 ------------------
 


 

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
[email protected]


> Document use of interpolation by ConfigParser
> ---------------------------------------------
>
>                 Key: AIRFLOW-3165
>                 URL: https://issues.apache.org/jira/browse/AIRFLOW-3165
>             Project: Apache Airflow
>          Issue Type: Improvement
>            Reporter: Bolke de Bruin
>            Priority: Major
>
> The config parser interpolates '%' in variables. This can lead to issues when 
> specifiying passwords. As we cant disable inerpolation on a per variable we 
> need to document that people should not use a % sign in their passwords.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Reply via email to