[
https://issues.apache.org/jira/browse/AMBARI-26555?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Jialiang Cai resolved AMBARI-26555.
-----------------------------------
Fix Version/s: 3.1.0
Resolution: Fixed
> Password leaked for configurations at stack root (e.g. cluster-env.xml)
> -----------------------------------------------------------------------
>
> Key: AMBARI-26555
> URL: https://issues.apache.org/jira/browse/AMBARI-26555
> Project: Ambari
> Issue Type: Bug
> Components: ambari-server
> Affects Versions: 3.0.0, 2.7.9
> Reporter: YUBI LEE
> Assignee: YUBI LEE
> Priority: Major
> Fix For: 3.1.0
>
> Time Spent: 0.5h
> Remaining Estimate: 0h
>
> There is a mechanism that hides passwords for configurations with the
> "PASSWORD" property type.
> However, the {{StackInfo#getConfigPropertiesType()}} method only handles
> configurations that belong to a specific service, not those defined at the
> stack root.
> For example, if you add some "PASSWORD"-type configurations to
> {{cluster-env.xml}}, they will be exposed through the HTTP API.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
