[
https://issues.apache.org/jira/browse/HADOOP-14833?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Steve Loughran updated HADOOP-14833:
------------------------------------
Release Note:
The S3A connector no longer supports username and secrets in URLs of the form
`s3a://key:secret@bucket/`. It is near-impossible to stop those secrets being
logged —which is why a warning has been printed since Hadoop 2.8 whenever such
a URL was used.
Fix: use a more secure mechanism to pass down the secrets.
was:
After this patch, the S3A connector no longer supports username and secrets in
URLs of the form `s3a://key:secret@bucket/`. It is near-impossible to stop
those secrets being logged —which is why a warning has been printed since
Hadoop 2.8 whenever such a URL was used.
Fix: use a more secure mechanism to pass down the secrets.
> Remove s3a user:secret authentication
> -------------------------------------
>
> Key: HADOOP-14833
> URL: https://issues.apache.org/jira/browse/HADOOP-14833
> Project: Hadoop Common
> Issue Type: Sub-task
> Components: fs/s3, security
> Affects Versions: 3.0.0-beta1
> Reporter: Steve Loughran
> Assignee: Steve Loughran
> Priority: Major
> Fix For: 3.2.0
>
> Attachments: HADOOP-14833-001.patch, HADOOP-14833-002.patch
>
>
> Remove the s3a://user:secret@host auth mechanism from S3a.
> As well as being insecure, it causes problems with S3Guard's URI matching
> code.
> Proposed: cull it utterly. We've been telling people to stop using it since
> HADOOP-3733
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
