You are viewing a plain text version of this content. The canonical link for it is here.

Posted to yarn-issues@hadoop.apache.org by "Chris Nauroth (JIRA)" <ji...@apache.org> on 2015/06/19 19:42:02 UTC

[jira] [Updated] (YARN-3834) Scrub debug logging of tokens during resource localization.

     [ https://issues.apache.org/jira/browse/YARN-3834?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Chris Nauroth updated YARN-3834:
--------------------------------
    Attachment: YARN-3834.001.patch

The attached patch changes the code to use {{Token#toString}}.  The {{toString}} method is already coded to be safe for logging, because it does not include any representation of the secret.  Thanks also to [~vicaya] for the suggestion to add logging of a fingerprint of the full representation, which is a one-way hash (non-reversible, therefore safe).

> Scrub debug logging of tokens during resource localization.
> -----------------------------------------------------------
>
>                 Key: YARN-3834
>                 URL: https://issues.apache.org/jira/browse/YARN-3834
>             Project: Hadoop YARN
>          Issue Type: Improvement
>          Components: nodemanager
>    Affects Versions: 2.7.1
>            Reporter: Chris Nauroth
>            Assignee: Chris Nauroth
>         Attachments: YARN-3834.001.patch
>
>
> During resource localization, the NodeManager logs tokens at debug level to aid troubleshooting.  This includes the full token representation.  Best practice is to avoid logging anything secret, even at debug level.  We can improve on this by changing the logging to use a scrubbed representation of the token.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)