You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@ambari.apache.org by "Hadoop QA (JIRA)" <ji...@apache.org> on 2016/09/07 20:43:20 UTC
[jira] [Commented] (AMBARI-18334) Password in the
configurations.json file in the ambari-agent cache is not encrypted
[ https://issues.apache.org/jira/browse/AMBARI-18334?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15471735#comment-15471735 ]
Hadoop QA commented on AMBARI-18334:
------------------------------------
{color:red}-1 overall{color}. Here are the results of testing the latest attachment
http://issues.apache.org/jira/secure/attachment/12827417/AMBARI-18334.patch
against trunk revision .
{color:red}-1 patch{color}. Top-level trunk compilation may be broken.
Console output: https://builds.apache.org/job/Ambari-trunk-test-patch/8603//console
This message is automatically generated.
> Password in the configurations.json file in the ambari-agent cache is not encrypted
> -----------------------------------------------------------------------------------
>
> Key: AMBARI-18334
> URL: https://issues.apache.org/jira/browse/AMBARI-18334
> Project: Ambari
> Issue Type: Bug
> Reporter: Anita Gnanamalar Jebaraj
> Assignee: Anita Gnanamalar Jebaraj
> Attachments: AMBARI-18334.patch
>
>
> The configurations.json file loaded in the ambari-agent cache located at /var/lib/ambari-agent/cache/cluster_configuration contains password details in plaintext (Ex: ssl.client.keystore.password,ssl.client.truststore.password etc.). The values are loaded both in the memory cache and file cache, the file seems to be used only for debugging purposes, so it would be a better approach to mask the passwords in the file.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)