Thomas Graves edited comment on SPARK-23567 at 3/2/18 3:57 PM:

I also question whether the url should be redacted by default, default example 
given, I'm not sure how the url here is security issue.  
SaveIntoDataSourceCommand jdbc, Map(dbtable -> test10, driver -> 
org.postgresql.Driver, url -> jdbc:postgresql:sparkdb, password -> pass), 

was (Author: tgraves):
I also question whether the url should be redacted by default, but I would want 
to look more at SPARK-22479 to understand what url was hidden since the Jira 
doesn't have an example.

> spark.redaction.regex should not include user by default, docs not updated
> --------------------------------------------------------------------------
>                 Key: SPARK-23567
>                 URL: https://issues.apache.org/jira/browse/SPARK-23567
>             Project: Spark
>          Issue Type: Bug
>          Components: Spark Core
>    Affects Versions: 2.2.1
>            Reporter: Thomas Graves
>            Priority: Major
> SPARK-22479 changed to redact the user name by default.  I would argue 
> username isn't something that should be redacted by default and its very 
> useful for debugging and other things. If people are running super secure and 
> want to turn it on they can but I don't see the user name as a default 
> security setting.  There are also other ways on the UI to see the user name, 
> for instance on yarn you can go to the Environment page and looking at the 
> resources and see the username in the paths.
> Also the Jira did not update the default setting in the docs, so the docs are 
> out of date:
> http://spark.apache.org/docs/2.2.1/configuration.html

This message was sent by Atlassian JIRA

To unsubscribe, e-mail: issues-unsubscr...@spark.apache.org
For additional commands, e-mail: issues-h...@spark.apache.org

Reply via email to