[
https://issues.apache.org/jira/browse/KUDU-1896?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15890963#comment-15890963
]
Todd Lipcon commented on KUDU-1896:
-----------------------------------
Part 2 landed here: http://gerrit.cloudera.org:8080/6193 so now the traces are
fully redacted via the web UI.
Hao is working on adding htpasswd support for the web UI.
I think the last thing will be a simple flag to disable the web UI completely
in case we missed anything else important.
> enable redaction of data in web UI/tracing
> ------------------------------------------
>
> Key: KUDU-1896
> URL: https://issues.apache.org/jira/browse/KUDU-1896
> Project: Kudu
> Issue Type: Bug
> Components: security
> Affects Versions: 1.3.0
> Reporter: Todd Lipcon
> Priority: Blocker
>
> Currently even if security is enabled, you can use the web UI
> tracing/rpcz/etc to see current RPC traffic, including tokens returned from
> ConnectToMaster RPCs, etc. We need to enable redaction for the stringified
> PBs in the traces, and probably offer the ability to disable web UI pages
> entirely.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
