[
https://issues.apache.org/jira/browse/HDFS-16563?focusedWorklogId=763292&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-763292
]
ASF GitHub Bot logged work on HDFS-16563:
-----------------------------------------
Author: ASF GitHub Bot
Created on: 28/Apr/22 05:14
Start Date: 28/Apr/22 05:14
Worklog Time Spent: 10m
Work Description: Hexiaoqiao commented on PR #4241:
URL: https://github.com/apache/hadoop/pull/4241#issuecomment-1111754159
@prasad-acit Thanks for involving me here. IMO, the key and sensitive
information is DelegationKey/Password for DelegationToken, the output message
here does not include this information right? So I don't think it it security
issue. Do you mind to more information about this output or stack demo? Thanks.
Issue Time Tracking
-------------------
Worklog Id: (was: 763292)
Time Spent: 50m (was: 40m)
> Namenode WebUI prints sensitve information on Token Expiry
> ----------------------------------------------------------
>
> Key: HDFS-16563
> URL: https://issues.apache.org/jira/browse/HDFS-16563
> Project: Hadoop HDFS
> Issue Type: Bug
> Reporter: Renukaprasad C
> Assignee: Renukaprasad C
> Priority: Major
> Labels: pull-request-available
> Attachments: image-2022-04-27-23-01-16-033.png,
> image-2022-04-27-23-28-40-568.png
>
> Time Spent: 50m
> Remaining Estimate: 0h
>
> Login to Namenode WebUI.
> Wait for token to expire. (Or modify the Token refresh time
> dfs.namenode.delegation.token.renew/update-interval to lower value)
> Refresh the WebUI after the Token expiry.
> Full token information gets printed in WebUI.
>
> !image-2022-04-27-23-01-16-033.png!
--
This message was sent by Atlassian Jira
(v8.20.7#820007)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
