[ https://issues.apache.org/jira/browse/SPARK-23850?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16449072#comment-16449072 ]
Marcelo Vanzin commented on SPARK-23850: ---------------------------------------- Yeah, things like {{java.vendor.url}} end up redacted too... But there's the issue of JDBC drivers allowing passwords in their URL. Though they generally allow the password to be provided separately in a properties object too, which is preferable. Also, it turns out other parts of SQL use a different way of redacting things added in SPARK-22791. The way I read that, the code added to {{SaveIntoDataSourceCommand}} is now redundant, since paths that print plans will be automatically redacted by the code in {{QueryExecution}}. That change added a separate config that defaults to the value of the config in core. If we change that to be a separate config instead of falling back to the code config, we could have different defaults (leaving the URL alone on the core side), but that changes behavior slightly. > We should not redact username|user|url from UI by default > --------------------------------------------------------- > > Key: SPARK-23850 > URL: https://issues.apache.org/jira/browse/SPARK-23850 > Project: Spark > Issue Type: Bug > Components: Web UI > Affects Versions: 2.2.1 > Reporter: Thomas Graves > Priority: Major > > SPARK-22479 was filed to not print the log jdbc credentials, but in there > they also added the username and url to be redacted. I'm not sure why these > were added and to me by default these do not have security concerns. It > makes it more usable by default to be able to see these things. Users with > high security concerns can simply add them in their configs. > Also on yarn just redacting url doesn't secure anything because if you go to > the environment ui page you see all sorts of paths and really its just > confusing that some of its redacted and other parts aren't. If this was > specifically for jdbc I think it needs to be just applied there and not > broadly. > If we remove these we need to test what the jdbc driver is going to log from > SPARK-22479. -- This message was sent by Atlassian JIRA (v7.6.3#76005) --------------------------------------------------------------------- To unsubscribe, e-mail: issues-unsubscr...@spark.apache.org For additional commands, e-mail: issues-h...@spark.apache.org