You are viewing a plain text version of this content. The canonical link for it is here.

Posted to user@accumulo.apache.org by Rodrigo Andrade <ro...@gmail.com> on 2015/05/08 19:29:01 UTC

Possible information leak

Hi,

In this commit:
https://github.com/apache/accumulo/commit/27d79c2651277c465a497c68ec238771692a6fa0

Does "value" contain private information?

Regards,
Rodrigo

Re: Possible information leak

Posted by Mike Drob <ma...@cloudera.com>.

Value will contain whatever the user provided on the command line, so
printing it back out to them shouldn't result in exposing something secret.

On Fri, May 8, 2015 at 12:29 PM, Rodrigo Andrade <ro...@gmail.com>
wrote:

> Hi,
>
> In this commit:
>
> https://github.com/apache/accumulo/commit/27d79c2651277c465a497c68ec238771692a6fa0
>
> Does "value" contain private information?
>
> Regards,
> Rodrigo
>

Re: Possible information leak

Posted by Billie Rinaldi <bi...@gmail.com>.

I think the value is the name of the class, e.g.
org.apache.accumulo.core.client.security.tokens.PasswordToken, rather than,
say, the password the user provided for authentication.

On Fri, May 8, 2015 at 10:29 AM, Rodrigo Andrade <ro...@gmail.com>
wrote:

> Hi,
>
> In this commit:
>
> https://github.com/apache/accumulo/commit/27d79c2651277c465a497c68ec238771692a6fa0
>
> Does "value" contain private information?
>
> Regards,
> Rodrigo
>