Repository: zeppelin Updated Branches: refs/heads/master 4a3057fa8 -> ed8755d3f
[Minor] Remove hardcoded key in zeppelinhub. ### What is this PR for? Hardcoded seed/key may cause security issue, so remove potential risk. ### What type of PR is it? [Improvement] ### Todos No. ### What is the Jira issue? No jira created. Author: Yanbo Liang <[email protected]> Closes #2621 from yanboliang/key and squashes the following commits: 251528306 [Yanbo Liang] Remove hardcoded key in zeppelinhub. Project: http://git-wip-us.apache.org/repos/asf/zeppelin/repo Commit: http://git-wip-us.apache.org/repos/asf/zeppelin/commit/ed8755d3 Tree: http://git-wip-us.apache.org/repos/asf/zeppelin/tree/ed8755d3 Diff: http://git-wip-us.apache.org/repos/asf/zeppelin/diff/ed8755d3 Branch: refs/heads/master Commit: ed8755d3f664779ac14a62b6b1e49a26d4c6c69d Parents: 4a3057f Author: Yanbo Liang <[email protected]> Authored: Wed Oct 11 16:13:55 2017 -0700 Committer: Prabhjyot Singh <[email protected]> Committed: Sat Oct 14 10:54:29 2017 +0530 ---------------------------------------------------------------------- .../notebook/repo/zeppelinhub/security/Authentication.java | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/zeppelin/blob/ed8755d3/zeppelin-zengine/src/main/java/org/apache/zeppelin/notebook/repo/zeppelinhub/security/Authentication.java ----------------------------------------------------------------------
diff --git a/zeppelin-zengine/src/main/java/org/apache/zeppelin/notebook/repo/zeppelinhub/security/Authentication.java b/zeppelin-zengine/src/main/java/org/apache/zeppelin/notebook/repo/zeppelinhub/security/Authentication.java
index fd5142b..38d8b50 100644
--- a/zeppelin-zengine/src/main/java/org/apache/zeppelin/notebook/repo/zeppelinhub/security/Authentication.java
+++ b/zeppelin-zengine/src/main/java/org/apache/zeppelin/notebook/repo/zeppelinhub/security/Authentication.java
@@ -47,7 +47,6 @@ public class Authentication implements Runnable {
 // Cipher is an AES in CBC mode
 private static final String CIPHER_ALGORITHM = "AES";
 private static final String CIPHER_MODE = "AES/CBC/PKCS5PADDING";
- private static final String KEY = "AbtEr99DxsWWbJkP";
 private static final int ivSize = 16;
 private static final String ZEPPELIN_CONF_ANONYMOUS_ALLOWED = "zeppelin.anonymous.allowed";
@@ -198,7 +197,7 @@ public class Authentication implements Runnable {
 private Key generateKey() {
 try {
 KeyGenerator kgen = KeyGenerator.getInstance(CIPHER_ALGORITHM);
- kgen.init(128, new SecureRandom(toBytes(KEY)));
+ kgen.init(128, new SecureRandom());
 SecretKey secretKey = kgen.generateKey();
 byte[] enCodeFormat = secretKey.getEncoded();
 return new SecretKeySpec(enCodeFormat, CIPHER_ALGORITHM);
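Review bot: With `new SecureRandom()` in the second hunk, `generateKey()` now returns a different random AES key on every call, and nothing visible in the hunk stores it. The callers are outside the hunk, so this needs confirming, but if the encrypt and decrypt paths each call `generateKey()`, a value encrypted by one can no longer be decrypted by the other, nor after a restart. If the key has to outlive a single call, generate it once and keep it, e.g. `private final Key sessionKey = generateKey();`, or load it from protected configuration; either way a comment such as `// key is random per instance; ciphertext does not survive a restart` would make the intended lifetime explicit. The removed constant stays in the repository history, so anything that was protected by a key derived from it should still be treated as exposed. The body of `generateKey()` continues past the end of the hunk.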
