[
https://issues.apache.org/jira/browse/HBASE-11810?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14108456#comment-14108456
]
Larry McCay commented on HBASE-11810:
-------------------------------------
Is there any reason to not just use reflection in the HBaseConfiguration class
to see whether the new getPassword method exists?
I'm thinking that we add a getHBasePassword to HBaseConfiguration and in it
check whether Configuration.getPassword exists or not with reflection - if so
invoke it otherwise fall back to plain ole get().
Is there a reason to do this in the compatibility layer instead?
What's odd is I don't see any use of reflection in there.
> Access SSL Passwords through Credential Provider API
> ----------------------------------------------------
>
> Key: HBASE-11810
> URL: https://issues.apache.org/jira/browse/HBASE-11810
> Project: HBase
> Issue Type: Improvement
> Components: security
> Reporter: Larry McCay
>
> HADOOP-10607 introduced the credential provider API for allowing passwords
> and other sensitive configuration items to be stored in an external provider.
> RESTServer is accessing passwords stored in clear text in Configuration
> through the standard get() method. By using the new Configuration.getPassword
> method instead, the credential provider API will be checked first then fall
> back to clear text - when allowed.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
