Supreeth Sharma created ZEPPELIN-3323:

             Summary: SSL Passwords are stored in plaintext and world readable 
in zeppelin-site.xml
                 Key: ZEPPELIN-3323
             Project: Zeppelin
          Issue Type: Bug
          Components: zeppelin-server
    Affects Versions: 0.7.3
            Reporter: Supreeth Sharma

'zeppelin.ssl.key.manager.password', 'zeppelin.ssl.keystore.password', 
'zeppelin.ssl.truststore.password' are stored as plaintext in zeppelin-site.xml 
and by default everybody has read permission on this file.

[root@ctr-e138-1518143905142-88013-01-000003 ~]# ls -ltr 
-rw-r--r-- 1 zeppelin zeppelin 4090 Mar 11 16:30 

Either we should encrypt these passwords or at least have appropriate file 
permissions to restrict everyone from reading the password.
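
An audit for the condition reported above, added here as an example and not taken from the Zeppelin project or the reporter. It assumes zeppelin-site.xml uses the Hadoop-style `<property><name>/<value>` layout; the function names, the sample file and its placeholder value are constructed for illustration.

```python
import os
import stat
import tempfile
import xml.etree.ElementTree as ET

# The three properties named in the report.
PASSWORD_KEYS = (
    "zeppelin.ssl.key.manager.password",
    "zeppelin.ssl.keystore.password",
    "zeppelin.ssl.truststore.password",
)

def audit_site_file(path):
    """Return (mode, exposed_bits, keys_with_values) for a zeppelin-site.xml."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    # Any group/other bit lets accounts besides the owner reach the file.
    exposed = mode & (stat.S_IRWXG | stat.S_IRWXO)
    found = []
    for prop in ET.parse(path).getroot().iter("property"):
        name = (prop.findtext("name") or "").strip()
        value = (prop.findtext("value") or "").strip()
        if name in PASSWORD_KEYS and value:
            found.append(name)  # record the key only, never the secret
    return mode, exposed, found

def restrict_to_owner(path):
    """Apply the report's second option: owner read/write only (0600)."""
    os.chmod(path, stat.S_IRUSR | stat.S_IWUSR)
    return stat.S_IMODE(os.stat(path).st_mode)

def demo():
    # Constructed sample file; the password value is a placeholder.
    sample = """<?xml version="1.0"?>
<configuration>
  <property><name>zeppelin.ssl</name><value>true</value></property>
  <property><name>zeppelin.ssl.keystore.password</name><value>EXAMPLE-ONLY</value></property>
  <property><name>zeppelin.ssl.truststore.password</name><value></value></property>
</configuration>
"""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "zeppelin-site.xml")
        with open(path, "w") as fh:
            fh.write(sample)
        os.chmod(path, 0o644)  # same mode as the listing in the report
        before = audit_site_file(path)
        after_mode = restrict_to_owner(path)
        return before, after_mode, audit_site_file(path)

if __name__ == "__main__":
    print(demo())
```

Mode 0600 only works when the file is owned by the account the Zeppelin server runs as, which is the case in the listing above. It covers the file-permission option only; the values are still plaintext to anything that can read the file as that owner or as root.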
