[
https://issues.apache.org/jira/browse/HADOOP-15158?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16391230#comment-16391230
]
Steve Loughran commented on HADOOP-15158:
-----------------------------------------
Is this adding the idea of putting user:secret into the URI? If so, I'm going
to have to -1 it on security grounds.

If you look at HADOOP-3733 you can see the effort I had to put in to try and
keep secrets embedded in s3n/s3a URLs out of logs, and even then failed. If you
put confidential secrets in URLs, they get into Paths, which get into error
messages and stack traces, and so into bug reports. I know this, I've seen it.
It's why I'm getting close to cutting the user:secret feature from S3A
entirely, except if users explicitly enable it with an option to make clear you
shouldn't be doing it "fs.s3a.dangerous.secrets.in.uris".

S3A does per-bucket settings on URIs & lets you hide secrets in URLs, ADL had
just added this (HADOOP-13972). I believe this is the better way to do it, as
it also lets you tune any other option on a container-by-container basis.

> AliyunOSS: Supports role based credential in URL
> ------------------------------------------------
>
> Key: HADOOP-15158
> URL: https://issues.apache.org/jira/browse/HADOOP-15158
> Project: Hadoop Common
> Issue Type: Improvement
> Components: fs/oss
> Affects Versions: 3.0.0
> Reporter: wujinhu
> Assignee: wujinhu
> Priority: Major
> Attachments: HADOOP-15158.001.patch, HADOOP-15158.002.patch,
> HADOOP-15158.003.patch, HADOOP-15158.004.patch, HADOOP-15158.005.patch
>
>
> Currently, AliyunCredentialsProvider supports credentials via
> configuration (core-site.xml). Sometimes, an admin wants to create different
> temporary credentials (key/secret/token) for different roles so that one role
> cannot read data that belongs to another role.
> So, our code should support passing in the URI when creating an
> XXXCredentialsProvider so that we can get user info (role) from the URI.
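
The leak path described in the comment above, as an added example that is not part of the original message or of Hadoop's code: a failing call puts the whole URI, user:secret included, into its exception message. It uses only the JDK; the class name, the `redact` helper and the `open` stand-in are hypothetical, and the keys, bucket names and paths are constructed sample values.

```java
import java.io.FileNotFoundException;
import java.net.URI;

// Added illustration using only the JDK (no Hadoop classes).
// Bucket names, keys and paths below are constructed sample values.
public class UriSecretLeak {

    // Hypothetical helper: render a URI for logs with any user-info removed.
    // Works on the raw authority, because java.net.URI returns null from
    // getUserInfo() when the host part is not a valid hostname (e.g. it
    // contains '_'), even though the secret is still in the string.
    static String redact(URI uri) {
        String authority = uri.getRawAuthority();
        if (authority == null || authority.indexOf('@') < 0) {
            return uri.toString();
        }
        StringBuilder out = new StringBuilder();
        if (uri.getScheme() != null) {
            out.append(uri.getScheme()).append(':');
        }
        out.append("//").append(authority.substring(authority.lastIndexOf('@') + 1));
        if (uri.getRawPath() != null) out.append(uri.getRawPath());
        if (uri.getRawQuery() != null) out.append('?').append(uri.getRawQuery());
        if (uri.getRawFragment() != null) out.append('#').append(uri.getRawFragment());
        return out.toString();
    }

    // Stand-in for a filesystem call that fails and names the path in its message.
    static void open(URI path) throws FileNotFoundException {
        throw new FileNotFoundException("No such file or directory: " + path);
    }

    public static void main(String[] args) {
        URI[] samples = {
            URI.create("s3a://EXAMPLEKEY:EXAMPLESECRET@bucket/data/part-0000"),
            URI.create("s3a://EXAMPLEKEY:EXAMPLESECRET@my_bucket/data/part-0000"),
        };
        for (URI uri : samples) {
            try {
                open(uri);
            } catch (FileNotFoundException e) {
                // This is the text that ends up in logs, stack traces and bug reports.
                System.out.println("leaked:   " + e.getMessage());
            }
            System.out.println("userInfo: " + uri.getUserInfo());
            System.out.println("redacted: " + redact(uri));
        }
    }
}
```

Redaction of this kind only helps at call sites that remember to use it; the exception message in `open` is built before any redaction runs, so the secret still leaks there.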