[jira] [Updated] (DRILL-7547) More secure storage for mongodb credentials

Fri, 07 Feb 2020 20:51:00 -0800 


     [ 
https://issues.apache.org/jira/browse/DRILL-7547?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Dobes Vandermeer updated DRILL-7547:
------------------------------------
    Description: 
Currently you can sort of "hide" S3 AWS credentials in core-site.xml, but for 
the mongodb connection the username and password are accessible from the Web 
UI, API, and ZooKeeper API because it is placed in the configuration for the 
storage plugin.

I wonder if it would be possible to store the username and password used for 
mongodb connection in a more secure manner, maybe it could be encrypted when 
you first save it, then even if you look at the configuration for the mongodb 
storage plugin via the ZooKeeper API you cannot extract the username and 
password.

 

  was:
Currently you can sort of "hide" S3 AWS credentials in core-site.xml, but for 
the mongodb connection the username and password are accessible from the Web UI 
and API because it is placed in the configuration for the storage plugin.

I wonder if it would be possible to store the username and password used for 
mongodb connection in a more secure manner, maybe it could be encrypted when 
you first save it, then even if you look at the configuration for the mongodb 
storage plugin you cannot extract the username and password.

 


> More secure storage for mongodb credentials
> -------------------------------------------
>
>                 Key: DRILL-7547
>                 URL: https://issues.apache.org/jira/browse/DRILL-7547
>             Project: Apache Drill
>          Issue Type: Improvement
>          Components: Storage - MongoDB
>    Affects Versions: 1.17.0
>            Reporter: Dobes Vandermeer
>            Priority: Major
>
> Currently you can sort of "hide" S3 AWS credentials in core-site.xml, but for 
> the mongodb connection the username and password are accessible from the Web 
> UI, API, and ZooKeeper API because it is placed in the configuration for the 
> storage plugin.
> I wonder if it would be possible to store the username and password used for 
> mongodb connection in a more secure manner, maybe it could be encrypted when 
> you first save it, then even if you look at the configuration for the mongodb 
> storage plugin via the ZooKeeper API you cannot extract the username and 
> password.
>  



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Reply via email to