[
https://issues.apache.org/jira/browse/ACCUMULO-489?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
John Vines resolved ACCUMULO-489.
---------------------------------
Resolution: Fixed
> Input Format puts Base64 encoded passwords in Configuration, which is world
> readable
> ------------------------------------------------------------------------------------
>
> Key: ACCUMULO-489
> URL: https://issues.apache.org/jira/browse/ACCUMULO-489
> Project: Accumulo
> Issue Type: Improvement
> Components: client
> Affects Versions: 1.4.0, 1.3.5
> Reporter: John Vines
> Assignee: John Vines
> Labels: security
> Fix For: 1.5.0, 1.4.1
>
>
> This has been a known issue, but I think it's about time we address it. Whena
> user sets up a mapreduce, they set their password in the configuration
> (Base64 encoded). This configuration is world readable, meaning passwords are
> out there in cleartext. We need a mechanism in place to try to keep this data
> private.
> In hadoop 0.20.203, the private distributed cache was implemented. Any file
> placed in the distributed cache which is not world readable/not in folders
> world executable automatically get placed in the private distributed cache.
> The protection mechanism is simply being in the tasktracker's local directory
> under a folder for the user with restricted permissions. This should be
> adequate for protecting a users Accumulo password. So this should be as
> simple as checking the set/getPassword functions to utilize this space rather
> than the configuration.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
