[jira] [Commented] (SPARK-23850) We should not redact username|user|url from UI by default

Mon, 23 Apr 2018 16:38:57 -0700 

    [ 
https://issues.apache.org/jira/browse/SPARK-23850?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16449046#comment-16449046
 ] 

Marcelo Vanzin commented on SPARK-23850:
----------------------------------------

Unless I hear back from the people CC'ed above, I'm going to revert the 
offending part of the original change, which is this:

{noformat}
-      .createWithDefault("(?i)secret|password".r) 
+      .createWithDefault("(?i)secret|password|url|user|username".r)
{noformat}

I'm a little inclined to keep redacting the URL since at least Oracle allows 
the password to be defined in the URL; it would be useful to see the rest of 
the URL for debugging purposes, but that would require extra code.

But redacting the user name is pretty silly; if you look at the env page with 
this change, you see a lot of things like this:

{noformat}
user.home       *********(redacted)
user.timezone   *********(redacted)
user.country    *********(redacted)
{noformat}

Which is kinda pointless.



> We should not redact username|user|url from UI by default
> ---------------------------------------------------------
>
>                 Key: SPARK-23850
>                 URL: https://issues.apache.org/jira/browse/SPARK-23850
>             Project: Spark
>          Issue Type: Bug
>          Components: Web UI
>    Affects Versions: 2.2.1
>            Reporter: Thomas Graves
>            Priority: Major
>
> SPARK-22479 was filed to not print the log jdbc credentials, but in there 
> they also added  the username and url to be redacted.  I'm not sure why these 
> were added and to me by default these do not have security concerns.  It 
> makes it more usable by default to be able to see these things.  Users with 
> high security concerns can simply add them in their configs.
> Also on yarn just redacting url doesn't secure anything because if you go to 
> the environment ui page you see all sorts of paths and really its just 
> confusing that some of its redacted and other parts aren't.  If this was 
> specifically for jdbc I think it needs to be just applied there and not 
> broadly.
> If we remove these we need to test what the jdbc driver is going to log from 
> SPARK-22479.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@spark.apache.org
For additional commands, e-mail: issues-h...@spark.apache.org

Reply via email to