[ https://issues.apache.org/jira/browse/YARN-2373?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14090659#comment-14090659 ]
Varun Vasudev commented on YARN-2373: ------------------------------------- [~lmccay] thanks for the patch! Some general questions(since this is part of a larger effort) - 1. For the null case(where the WebAppUtils.getPassword() returns null), should we add a warning or an audit log that someone was trying to get a password that was null? 2. Will you update documentation in another ticket(just to let users know that they can use a CredentialProvider instead of using plain text)? Other than that, it looks good to me. > WebAppUtils Should Use configuration.getPassword for Accessing SSL Passwords > ---------------------------------------------------------------------------- > > Key: YARN-2373 > URL: https://issues.apache.org/jira/browse/YARN-2373 > Project: Hadoop YARN > Issue Type: Bug > Reporter: Larry McCay > Attachments: YARN-2373.patch, YARN-2373.patch, YARN-2373.patch > > > As part of HADOOP-10904, this jira represents a change to WebAppUtils to > uptake the use of the credential provider API through the new method on > Configuration called getPassword. > This provides an alternative to storing the passwords in clear text within > the ssl-server.xml file while maintaining backward compatibility with that > behavior. -- This message was sent by Atlassian JIRA (v6.2#6252)