[
https://issues.apache.org/jira/browse/SENTRY-486?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Tuong Truong updated SENTRY-486:
--------------------------------
Description:
Currently, the db store database password is in plain-text in the
sentry-site.xml file. This is a security issue. We need to be able to support
encrypted password in the config file.
We plan to add a couple of property into the sentry-site.xml file. So in
addition to the existing:
<property>
<name>sentry.store.jdbc.user</name>
<value>sentry</value>
</property>
<property>
<name>sentry.store.jdbc.password</name>
<value>test</value>
</property>
we propose to add:
<property>
<name>sentry.store.jdbc.password.encrypted</name>
<value>true</value> // This indicate to Sentry that the password is
encrypted - Default = false
</property>
<property>
<name>sentry.store.jdbc.password.decryptor</name>
<value>org.test.decryptor</value> // This is the class needed to use to
decrypt the password
</property>
Sentry will invoke the decrypt() method on org.test.decryptor to obtain the
decrypted password to configure DataNucleus.
was:
Currently, the db store database password is in plain-text in the
sentry-site.xml file. This is a security issue. We need to be able to support
encrypted password in the config file.
We plan to add a couple of property into the sentry-site.xml file. So in
addition to the existing:
<property>
<name>sentry.store.jdbc.user</name>
<value>sentry</value>
</property>
<property>
<name>sentry.store.jdbc.password</name>
<value>test</value>
</property>
we propose to add:
<property>
<name>sentry.store.jdbc.password.encrypted</name>
<value>true</value>
</property>
<property>
<name>sentry.store.jdbc.password.decrypt.class</name>
<value>org.test.password.decrypt</value>
</property>
> Add database password obfuscation support for sentry-site.xml
> -------------------------------------------------------------
>
> Key: SENTRY-486
> URL: https://issues.apache.org/jira/browse/SENTRY-486
> Project: Sentry
> Issue Type: Improvement
> Affects Versions: 1.4.0
> Reporter: Tuong Truong
> Assignee: Tuong Truong
> Labels: security
> Original Estimate: 16h
> Remaining Estimate: 16h
>
> Currently, the db store database password is in plain-text in the
> sentry-site.xml file. This is a security issue. We need to be able to
> support encrypted password in the config file.
> We plan to add a couple of property into the sentry-site.xml file. So in
> addition to the existing:
> <property>
> <name>sentry.store.jdbc.user</name>
> <value>sentry</value>
> </property>
> <property>
> <name>sentry.store.jdbc.password</name>
> <value>test</value>
> </property>
> we propose to add:
> <property>
> <name>sentry.store.jdbc.password.encrypted</name>
> <value>true</value> // This indicate to Sentry that the password is
> encrypted - Default = false
> </property>
> <property>
> <name>sentry.store.jdbc.password.decryptor</name>
> <value>org.test.decryptor</value> // This is the class needed to use to
> decrypt the password
> </property>
> Sentry will invoke the decrypt() method on org.test.decryptor to obtain the
> decrypted password to configure DataNucleus.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
