Jeff Zhang created ZEPPELIN-1778: ------------------------------------ Summary: Potential security issue for passing user credential to interpreter process Key: ZEPPELIN-1778 URL: https://issues.apache.org/jira/browse/ZEPPELIN-1778 Project: Zeppelin Issue Type: Improvement Affects Versions: 0.6.2, 0.7.0 Reporter: Jeff Zhang Priority: Critical
Currently zeppelin-server will pass user credential info to interpreter process through thrift. This would cause potential security issue as I think the thrift protocol we used for now is not secured. One solution is to enable SSL for thrift. Besides, there're 2 other problems: * credential info will be save in conf/credentials.json in plain text. * credential info be passed to all the interpreters no matter whether this interpreter need this. \cc [~moon] [~vinayshu...@gmail.com] [~prasadwagle] -- This message was sent by Atlassian JIRA (v6.3.4#6332)