You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@zeppelin.apache.org by "Ruslan Dautkhanov (JIRA)" <ji...@apache.org> on 2017/02/07 02:02:41 UTC

[jira] [Created] (ZEPPELIN-2068) Change credentials.json and interpreter.json access permission to 0600

Ruslan Dautkhanov created ZEPPELIN-2068:
-------------------------------------------

             Summary: Change credentials.json and interpreter.json access permission to 0600
                 Key: ZEPPELIN-2068
                 URL: https://issues.apache.org/jira/browse/ZEPPELIN-2068
             Project: Zeppelin
          Issue Type: Improvement
    Affects Versions: 0.7.0
            Reporter: Ruslan Dautkhanov
            Priority: Critical


credentials.json and interpreter.json are created with default group-readable and world-readable permissions.

Both files can store passwords.

interpreter.json can store passwords, for example, if we have a custom repository - it'll be stored there clear text.

credentials.json obviously store passwords too

Please change default file permissions for credentials.json and interpreter.json to 0600.

Other users should not see clear text passwords.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)