KUDU-1896 (part 2): enable redaction on the web UI When we first added log redaction, we decided not to enable redaction of the web UI. The reasoning at the time was that the primary motivation for log redaction was so that people could easily share logs outside of their network without fear of leaking sensitive data, but that defending data against "inside the network" readers was useless given lack of authentication.
Now, we have authentication and basic authorization support, so it makes more sense to consider preventing internal users from seeing data. Someone may have network access to the web UI but not supposed to have access to read data stored in Kudu. Given that, this patch enables redaction on the web pages. Note that this has a very important side effect as well: redaction is enabled for the /tracing and /rpcz endpoints. This is critical since both allow a remote user to snoop on RPC requests and responses, and those may include data such as authentication credentials as well as user data. With redaction now enabled, I verified that the traced data is properly redacted as well. I also verified that range partitions are still displayed un-redacted as desired, while RowSet boundary keys (which are user data) are now redacted. Change-Id: I4d31f87fd10d177adc2d98dcb049f3bcf6ecdbe2 Reviewed-on: http://gerrit.cloudera.org:8080/6193 Reviewed-by: Adar Dembo <[email protected]> Reviewed-by: Dan Burkert <[email protected]> Tested-by: Kudu Jenkins Project: http://git-wip-us.apache.org/repos/asf/kudu/repo Commit: http://git-wip-us.apache.org/repos/asf/kudu/commit/3ae7fe1c Tree: http://git-wip-us.apache.org/repos/asf/kudu/tree/3ae7fe1c Diff: http://git-wip-us.apache.org/repos/asf/kudu/diff/3ae7fe1c Branch: refs/heads/master Commit: 3ae7fe1c93b24f88049db3fcd1a9d7bf5278942d Parents: 75279b5 Author: Todd Lipcon <[email protected]> Authored: Tue Feb 28 17:14:43 2017 -0800 Committer: Todd Lipcon <[email protected]> Committed: Wed Mar 1 02:25:11 2017 +0000 ---------------------------------------------------------------------- src/kudu/server/webserver.cc | 5 ----- 1 file changed, 5 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/kudu/blob/3ae7fe1c/src/kudu/server/webserver.cc ---------------------------------------------------------------------- diff --git a/src/kudu/server/webserver.cc b/src/kudu/server/webserver.cc index fd1fcdd..06b6f6a 100644 --- a/src/kudu/server/webserver.cc +++ b/src/kudu/server/webserver.cc @@ -44,7 +44,6 @@ #include "kudu/util/env.h" #include "kudu/util/flag_tags.h" #include "kudu/util/locks.h" -#include "kudu/util/logging.h" #include "kudu/util/net/net_util.h" #include "kudu/util/subprocess.h" #include "kudu/util/url-coding.h" @@ -304,10 +303,6 @@ int Webserver::BeginRequestCallbackStatic(struct sq_connection* connection) { int Webserver::BeginRequestCallback(struct sq_connection* connection, struct sq_request_info* request_info) { - // Redaction is disabled from the web UI. This affects operations like default - // value and scan predicate pretty printing. - ScopedDisableRedaction disable_redaction; - PathHandler* handler; { shared_lock<RWMutex> l(lock_);
