[
https://issues.apache.org/jira/browse/SENTRY-486?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Tuong Truong updated SENTRY-486:
--------------------------------
Attachment: SENTRY-486-0.patch
Patch for handling sentry-site.xml password obfuscation or encryption.
> Add database password obfuscation support for sentry-site.xml
> -------------------------------------------------------------
>
> Key: SENTRY-486
> URL: https://issues.apache.org/jira/browse/SENTRY-486
> Project: Sentry
> Issue Type: Improvement
> Affects Versions: 1.4.0
> Reporter: Tuong Truong
> Assignee: Tuong Truong
> Labels: security
> Attachments: SENTRY-486-0.patch
>
> Original Estimate: 16h
> Remaining Estimate: 16h
>
> Currently, the db store database password is in plain-text in the
> sentry-site.xml file. This is a security issue. We need to be able to
> support encrypted password in the config file.
> We plan to add a couple of property into the sentry-site.xml file. So in
> addition to the existing:
> <property>
> <name>sentry.store.jdbc.user</name>
> <value>sentry</value>
> </property>
> <property>
> <name>sentry.store.jdbc.password</name>
> <value>test</value>
> </property>
> we propose to add:
> <property>
> <name>sentry.store.jdbc.password.encrypted</name>
> <value>true</value> // This indicate to Sentry that the password is
> encrypted - Default = false
> </property>
> <property>
> <name>sentry.store.jdbc.password.cryptor</name>
> <value>org.test.decryptor</value> // This is the class needed to use to
> decrypt the password
> </property>
> Sentry will invoke the decrypt() method on org.test.decryptor to obtain the
> decrypted password to configure DataNucleus.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
