[ https://issues.apache.org/jira/browse/YARN-3834?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Chris Nauroth updated YARN-3834: -------------------------------- Attachment: YARN-3834.001.patch The attached patch changes the code to use {{Token#toString}}. The {{toString}} method is already coded to be safe for logging, because it does not include any representation of the secret. Thanks also to [~vicaya] for the suggestion to add logging of a fingerprint of the full representation, which is a one-way hash (non-reversible, therefore safe). > Scrub debug logging of tokens during resource localization. > ----------------------------------------------------------- > > Key: YARN-3834 > URL: https://issues.apache.org/jira/browse/YARN-3834 > Project: Hadoop YARN > Issue Type: Improvement > Components: nodemanager > Affects Versions: 2.7.1 > Reporter: Chris Nauroth > Assignee: Chris Nauroth > Attachments: YARN-3834.001.patch > > > During resource localization, the NodeManager logs tokens at debug level to > aid troubleshooting. This includes the full token representation. Best > practice is to avoid logging anything secret, even at debug level. We can > improve on this by changing the logging to use a scrubbed representation of > the token. -- This message was sent by Atlassian JIRA (v6.3.4#6332)