[
https://issues.apache.org/jira/browse/AMBARI-22571?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16276845#comment-16276845
]
Aleksandr Kovalenko commented on AMBARI-22571:
----------------------------------------------
[~rlevas], actually front end didn't require any changes to work with back end
keyStore. So front end still send passwords in POST requests as plain text (and
it is ok), but when we are loading property value with type: "password" and
keyStore: true, we just get formatted value like
"SECRET:oozie-site:1:oozie.service.JPAService.jdbc.password" instead of real
plain text value and show it hidden by password-type input (with asterisks). We
don't need password values.
> Handle passwords/sensitive data in Ambari configuration properties
> ------------------------------------------------------------------
>
> Key: AMBARI-22571
> URL: https://issues.apache.org/jira/browse/AMBARI-22571
> Project: Ambari
> Issue Type: Task
> Components: ambari-server
> Reporter: Sandor Molnar
> Assignee: Sandor Molnar
> Priority: Minor
> Labels: config, security
> Fix For: trunk
>
>
> Passwords and other sensitive data stored as values to properties in Ambari
> configurations need to be masked or not stored in cleartext.
> For example,
> {{ldap-configuration/ambari.ldap.connectivity.trust_store.password}} and
> ldap-{{configuration/ambari.ldap.connectivity.bind_password}}.
> If the Ambari credential store is enabled (which might be by default as of
> Ambari 3.0.0), the sensitive date can be stored there like we do when
> sensitive data is to be stored in the ambari.properties file - see
> {{org.apache.ambari.server.security.encryption.CredentialStoreService}}.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
