You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@flink.apache.org by "Márton Balassi (Jira)" <ji...@apache.org> on 2019/09/04 13:32:00 UTC
[jira] [Closed] (FLINK-13957) Redact passwords from dynamic
properties logged on job submission
[ https://issues.apache.org/jira/browse/FLINK-13957?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Márton Balassi closed FLINK-13957.
----------------------------------
Resolution: Invalid
The issue fortunately did not make it to the upstream implementation, was only present in the Cludera fork of Flink. We will commit the original contribution without the issue.
> Redact passwords from dynamic properties logged on job submission
> -----------------------------------------------------------------
>
> Key: FLINK-13957
> URL: https://issues.apache.org/jira/browse/FLINK-13957
> Project: Flink
> Issue Type: Improvement
> Components: Client / Job Submission
> Affects Versions: 1.9.0
> Reporter: Matyas Orhidi
> Assignee: Matyas Orhidi
> Priority: Major
> Labels: log, security, sensitivity
> Fix For: 1.9.1
>
>
> SSL related passwords specified by dynamic properties
> {{flink run -m yarn-cluster -sae -p 2 -ynm HeapMonitor}}
> {{...}}
> -yD security.ssl.internal.key-password=changeit
> {{-yD security.ssl.internal.keystore-password=}}{{changeit}}
> {{-yD security.ssl.internal.truststore-password=}}{{changeit}}
> {{...}}
> are showing up in {{FlinkYarnSessionCli}} logs in plain text:
> {{19/09/04 04:57:43 INFO cli.FlinkYarnSessionCli: Dynamic Property set: security.ssl.internal.truststore-password=changeit}}
> {{19/09/04 04:57:43 INFO cli.FlinkYarnSessionCli: Dynamic Property set: security.ssl.internal.keystore-password=changeit}}
> {{19/09/04 04:57:43 INFO cli.FlinkYarnSessionCli: Dynamic Property set: security.ssl.internal.key-password=changeit}}
--
This message was sent by Atlassian Jira
(v8.3.2#803003)