[jira] [Resolved] (AMBARI-12634) Clear passwords can be seen on Ambari UI service Configs tab via browser developer tool

Sumit Mohanty (JIRA) Mon, 28 Mar 2016 14:55:51 -0700

     [ 
https://issues.apache.org/jira/browse/AMBARI-12634?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Sumit Mohanty resolved AMBARI-12634.
------------------------------------
    Resolution: Duplicate

Implemented as part of the linked JIRA.

> Clear passwords can be seen on Ambari UI service Configs tab via browser 
> developer tool
> ---------------------------------------------------------------------------------------
>
>                 Key: AMBARI-12634
>                 URL: https://issues.apache.org/jira/browse/AMBARI-12634
>             Project: Ambari
>          Issue Type: Improvement
>          Components: ambari-server
>    Affects Versions: 2.1.0
>            Reporter: Yu Gao
>              Labels: security
>
> HTML password type hides passwords with **** on the service Configs page. 
> However, everyone including non-admin users who has ambari access with 
> READ-ONLY permission can see the real content of the passwords through 
> developer tools, like firebug in firefox. For example, the database passwords 
> for oozie/hive and master secret for knox are exposed in this way.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Resolved] (AMBARI-12634) Clear passwords can be seen on Ambari UI service Configs tab via browser developer tool

Reply via email to