Varun Vasudev commented on YARN-2373:

[~lmccay] thanks for the patch! Some general questions(since this is part of a 
larger effort) -
1. For the null case(where the WebAppUtils.getPassword() returns null), should 
we add a warning or an audit log that someone was trying to get a password that 
was null?
2. Will you update documentation in another ticket(just to let users know that 
they can use a CredentialProvider instead of using plain text)?

Other than that, it looks good to me.

> WebAppUtils Should Use configuration.getPassword for Accessing SSL Passwords
> ----------------------------------------------------------------------------
>                 Key: YARN-2373
>                 URL: https://issues.apache.org/jira/browse/YARN-2373
>             Project: Hadoop YARN
>          Issue Type: Bug
>            Reporter: Larry McCay
>         Attachments: YARN-2373.patch, YARN-2373.patch, YARN-2373.patch
> As part of HADOOP-10904, this jira represents a change to WebAppUtils to 
> uptake the use of the credential provider API through the new method on 
> Configuration called getPassword.
> This provides an alternative to storing the passwords in clear text within 
> the ssl-server.xml file while maintaining backward compatibility with that 
> behavior.

This message was sent by Atlassian JIRA

Reply via email to