Hi, The problem is that Ranger needs to know the password, to reach out to the service, so it must store the password somewhere in a decryptable state. Ideally, every service/protocol should support kerberos, so authentication could work without passwords.
Regards, Zsombor On Tue, Jan 8, 2019 at 2:21 PM Rempter, A. (Adam) <[email protected]> wrote: > Hello there, > > While using Ranger I noticed that when I create service def with input > property: > { > "itemId": 3, > "name": "password", > "type": "password", > "subType": "", > "mandatory": true, > "validationRegEx": "", > "validationMessage": "", > "uiHint":"", > "label": "Secret key" > } > > Ranger will encrypt it using: > > if (StringUtils.equalsIgnoreCase(configKey, CONFIG_KEY_PASSWORD)) { > String cryptConfigString = CRYPT_ALGO + "," > + ENCRYPT_KEY + "," + SALT + "," + ITERATION_COUNT + "," + configValue; > String encryptedPwd = > PasswordUtils.encryptPassword(cryptConfigString); > > Problem is that all encryption parameters are stored next to password > (encryption key and salt): > > | 609 | NULL | 2019-01-08 10:07:33 | 2019-01-08 10:07:34 | 1 | > 1 | 82 | password | > PBEWithMD5AndDES,tzL1AKl5uc4NKYaoQ4P3WLGIBFPXWPWdu1fRm9004jtQiV,f77aLYLo,1000,6IxJOOpoFsJXyLNjNf/M9Q== > > Even if I change default ones in > $ranger_home/ews/webapp/WEB-INF/classes/conf/ranger-admin-default-site.xml, > they will still be storred in db > > Is this know issue? Basically it means that password can be decrypted with > little effort… > > Thanks, > Adam Rempter > > > ING Business Shared Services B.V. z siedzibą w Amsterdamie, Holandia, VAT > PL 526-319-58-54, działająca w Polsce w formie oddziału, pod firmą ING > Business Shared Services B.V. spółka z ograniczoną odpowiedzialnością > Oddział w Polsce z siedzibą w Katowicach, ul. Konduktorska 35, 40-155 > Katowice, NIP: 2050005130, wpisana do rejestru przedsiębiorców Krajowego > Rejestru Sądowego prowadzonego przez Sąd Rejonowy Katowice-Wschód w > Katowicach, VIII Wydział Gospodarczy Krajowego Rejestru Sądowego pod > numerem KRS 0000702305. >
