[jira] [Commented] (HADOOP-15325) Make Configuration#getPasswordFromCredentialsProvider() a public API

Mon, 02 Apr 2018 05:39:12 -0700 

    [ 
https://issues.apache.org/jira/browse/HADOOP-15325?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16422210#comment-16422210
 ] 

Steve Loughran commented on HADOOP-15325:
-----------------------------------------

[~shv] that JIRA is about HDFS secrets; feel free to do what you want there, as 
long as changes to hadoop-common aren't made outside of HADOOP-* JIRAs. You are 
doing the right thing here.

 I'm worrying about storing secrets about object stores, where we are still 
getting people to stop putting secrets in Path URIs (HADOOP-3733). There's a 
common practise in spark now for people to set the settings in their spark conf 
now:

{code}
spark.hadoop.fs.s3a.access.key 
spark.hadoop.fs.s3a.secret.key MySecretKey
{code}

This isn't great, but its better than before, and if you use session 
credentials instead then the secrets expire pretty fast.

I don't want to break all this code, especially as the object store connectors 
are still rolling out their support for JCEKS files.

> Make Configuration#getPasswordFromCredentialsProvider() a public API
> --------------------------------------------------------------------
>
>                 Key: HADOOP-15325
>                 URL: https://issues.apache.org/jira/browse/HADOOP-15325
>             Project: Hadoop Common
>          Issue Type: Improvement
>          Components: conf
>    Affects Versions: 2.6.0
>            Reporter: Wei-Chiu Chuang
>            Assignee: Zsolt Venczel
>            Priority: Major
>
> HADOOP-10607 added a public API Configuration.getPassword() which reads 
> passwords from credential provider and then falls back to reading from 
> configuration if one is not available.
> This API has been used throughout Hadoop codebase and downstream 
> applications. It is understandable for old password configuration keys to 
> fallback to configuration to maintain backward compatibility. But for new 
> configuration passwords that don't have legacy, there should be an option to 
> _not_ fallback, because storing passwords in configuration is considered a 
> bad security practice.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to