Github user vanzin commented on the issue:
https://github.com/apache/spark/pull/21158
> To keep all the previous behaviour, SQL_OPTIONS_REDACTION_PATTERN can include user

User names, unlike passwords, are useful for debugging. And they're not
meant to be secret. They're meant to identify an entity, and by that, it means
it's not generally hard to guess them. Which is why you need a password.

(Think of it in a different way: if you access a table you shouldn't, wouldn't
you get an exception saying "user blah cannot access table foo"? And are you
redacting that in the places where that stuff shows up?)

If you have an environment where even user names are considered secret,
it's easy enough to change the configuration. But at that time you really
should think hard about following Tom's advice above and just enable
authentication for your web UIs. Otherwise you're not really taking security
seriously.

I really disliked even keeping the URL redacted, since that's even more
useful than the user for debugging. But some vendors still support and even
document putting passwords in those URLs, so that's why I kept it.

If you guys really feel strongly about redacting user names, I'll add it
back in the SQL config. I don't really care about that part that much, even if
I don't agree with the premise. But I strongly disagree with keeping the
current default value in the core option.