Todd Lipcon has submitted this change and it was merged.

Change subject: KUDU-1896 (part 2): enable redaction on the web UI
......................................................................

KUDU-1896 (part 2): enable redaction on the web UI

When we first added log redaction, we decided not to enable redaction of the web UI. The reasoning at the time was that the primary motivation for log redaction was so that people could easily share logs outside of their network without fear of leaking sensitive data, but that defending data against "inside the network" readers was useless given lack of authentication.

Now, we have authentication and basic authorization support, so it makes more sense to consider preventing internal users from seeing data. Someone may have network access to the web UI but is not supposed to have access to read data stored in Kudu.

Given that, this patch enables redaction on the web pages. Note that this has a very important side effect as well: redaction is enabled for the /tracing and /rpcz endpoints. This is critical since both allow a remote user to snoop on RPC requests and responses, and those may include data such as authentication credentials as well as user data.

With redaction now enabled, I verified that the traced data is properly redacted as well.

I also verified that range partitions are still displayed un-redacted as desired, while RowSet boundary keys (which are user data) are now redacted.

Change-Id: I4d31f87fd10d177adc2d98dcb049f3bcf6ecdbe2
Reviewed-on: http://gerrit.cloudera.org:8080/6193
Reviewed-by: Adar Dembo <[email protected]>
Reviewed-by: Dan Burkert <[email protected]>
Tested-by: Kudu Jenkins
---
M src/kudu/server/webserver.cc
1 file changed, 0 insertions(+), 5 deletions(-)

Approvals:
  Dan Burkert: Looks good to me, approved
  Adar Dembo: Looks good to me, approved
  Kudu Jenkins: Verified

--
To view, visit http://gerrit.cloudera.org:8080/6193

Gerrit-MessageType: merged
Gerrit-Change-Id: I4d31f87fd10d177adc2d98dcb049f3bcf6ecdbe2
Gerrit-PatchSet: 2
Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-Owner: Todd Lipcon <[email protected]>
Gerrit-Reviewer: Adar Dembo <[email protected]>
Gerrit-Reviewer: Dan Burkert <[email protected]>
Gerrit-Reviewer: Hao Hao <[email protected]>
Gerrit-Reviewer: Kudu Jenkins
Gerrit-Reviewer: Todd Lipcon <[email protected]>
