You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@sentry.apache.org by "Tuong Truong (JIRA)" <ji...@apache.org> on 2014/11/11 00:02:34 UTC

[jira] [Resolved] (SENTRY-486) Add database password obfuscation support for sentry-site.xml

     [ https://issues.apache.org/jira/browse/SENTRY-486?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Tuong Truong resolved SENTRY-486.
---------------------------------
    Resolution: Later

Work on this JIRA will be stopped.  Once the Hadop CredentialProvider framework is available, it may be resurrected to integrate with CredentialProvider.

> Add database password obfuscation support for sentry-site.xml
> -------------------------------------------------------------
>
>                 Key: SENTRY-486
>                 URL: https://issues.apache.org/jira/browse/SENTRY-486
>             Project: Sentry
>          Issue Type: Improvement
>    Affects Versions: 1.4.0
>            Reporter: Tuong Truong
>            Assignee: Tuong Truong
>              Labels: security
>         Attachments: SENTRY-486-0.patch, SENTRY-486-1.patch
>
>   Original Estimate: 16h
>  Remaining Estimate: 16h
>
> Currently, the db store database password is in plain-text in the sentry-site.xml file.  This is a security issue.  We need to be able to support encrypted password in the config file.
> We plan to add a couple of property into the sentry-site.xml file.  So in addition to the existing:
>   <property>
>     <name>sentry.store.jdbc.user</name>
>     <value>sentry</value>
>   </property>
>   <property>
>     <name>sentry.store.jdbc.password</name>
>     <value>test</value>
>   </property>
> we propose to add:
>   <property>
>     <name>sentry.store.jdbc.password.encrypted</name>
>     <value>true</value>   // This indicate to Sentry that the password is encrypted -   Default = false
>   </property>
>   <property>
>     <name>sentry.store.jdbc.password.cryptor</name>
>     <value>org.test.decryptor</value>  // This is the class needed to use to decrypt the password
>   </property>
> Sentry will invoke the decrypt() method on org.test.decryptor to obtain the decrypted password to configure DataNucleus.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)