[
https://issues.apache.org/jira/browse/YARN-3834?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Chris Nauroth updated YARN-3834:
--------------------------------
Attachment: YARN-3834.001.patch
The attached patch changes the code to use {{Token#toString}}. The
{{toString}} method is already coded to be safe for logging, because it does
not include any representation of the secret. Thanks also to [~vicaya] for the
suggestion to add logging of a fingerprint of the full representation, which is
a one-way hash (non-reversible, therefore safe).
> Scrub debug logging of tokens during resource localization.
> -----------------------------------------------------------
>
> Key: YARN-3834
> URL: https://issues.apache.org/jira/browse/YARN-3834
> Project: Hadoop YARN
> Issue Type: Improvement
> Components: nodemanager
> Affects Versions: 2.7.1
> Reporter: Chris Nauroth
> Assignee: Chris Nauroth
> Attachments: YARN-3834.001.patch
>
>
> During resource localization, the NodeManager logs tokens at debug level to
> aid troubleshooting. This includes the full token representation. Best
> practice is to avoid logging anything secret, even at debug level. We can
> improve on this by changing the logging to use a scrubbed representation of
> the token.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
