Arpit Khare created STORM-3184:
----------------------------------
Summary: Storm supervisor log showing keystore and truststore
password in plaintext
Key: STORM-3184
URL: https://issues.apache.org/jira/browse/STORM-3184
Project: Apache Storm
Issue Type: Bug
Components: storm-core
Affects Versions: 1.1.1
Reporter: Arpit Khare
When we enable SSL for Apache storm, the superviosr log shows the keystore and
truststore password in the plaintext
log name : /var/log/storm/supervisor.log
{code}
2018-05-28 16:21:12.594 o.a.s.d.s.Supervisor main [INFO] Starting supervisor
for storm version '1.1.1.3.1.1.0-35'.
2018-05-28 16:21:12.595 o.a.s.d.s.Supervisor main [INFO] Starting Supervisor
with conf {storm.messaging.netty.min_wait_ms=100,
storm.zookeeper.auth.user=null, storm.messaging.netty.buffer_s
ize=5242880,
client.jartransformer.class=org.apache.storm.hack.StormShadeTransformer,
storm.exhibitor.port=8080, pacemaker.auth.method=NONE, ui.filter=null,
worker.profiler.enabled=false
ui.https.key.password=pass123
ui.https.keystore.password=pass123
{code}
For the below properties created in custom-storm-site section in Ambari while
enabling SSL.
{code}
ui.https.key.password=pass123
ui.https.keystore.password=pass123
{code}
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
