[
https://issues.apache.org/jira/browse/HADOOP-15351?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16418725#comment-16418725
]
Steve Loughran commented on HADOOP-15351:
-----------------------------------------
I think this is potentially an overreaction. Asking for password fields except
through getPassword(), bad. Asking for password fields through it, good.
Placing passwords in a config, often defensible.
I'm thinking here of cloud storage secrets which are often set dynamically in
code, such as ain a spark.set("spark.hadoop.fs.s3a.secret.key",
"mysecretkey":), and so in a transient configuration for the duration of that
job. We are only just weaning people off puting the login secrets in the URI
itself, so to say "no, now you have to use a JCEKS file and somehow propagate
that round the cluster" is going to fail achieve the desired outcome.
> Deprecate all existing password fields in hadoop configuration
> --------------------------------------------------------------
>
> Key: HADOOP-15351
> URL: https://issues.apache.org/jira/browse/HADOOP-15351
> Project: Hadoop Common
> Issue Type: Improvement
> Reporter: Wei-Chiu Chuang
> Priority: Major
>
> In HADOOP-15325 [~shv] suggests we should mark all password fields in
> configuration file deprecated.
> Raise this Jira to track this work in HADOOP side.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
