Posted to commits@samza.apache.org by "Chris Riccomini (JIRA)" <ji...@apache.org> on 2015/03/10 02:03:31 UTC

[jira] [Commented] (SAMZA-589) Need a way to flag sensitive information in Config

    [ https://issues.apache.org/jira/browse/SAMZA-589?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14354017#comment-14354017 ] 

Chris Riccomini commented on SAMZA-589:
---------------------------------------

Sentry uses [this|https://github.com/getsentry/sentry/blob/2d1e25931fcd0b0e049ca258dd82e9db8f6016e5/src/sentry/utils/data_scrubber.py].

Alternatively, the way Hadoop handles this is to use real security. Authentication is required to view secure AMs and logs. This prevents any leakage.

TBH, the secure-Hadoop approach seems better, but I'm not sure how far YARN is from getting secure-YARN working for long-lived services (YARN-896).

> Need a way to flag sensitive information in Config
> --------------------------------------------------
>
>                 Key: SAMZA-589
>                 URL: https://issues.apache.org/jira/browse/SAMZA-589
>             Project: Samza
>          Issue Type: Bug
>          Components: container
>    Affects Versions: 0.8.0
>            Reporter: Tommy Becker
>             Fix For: 0.10.0
>
>
> Currently, the full contents of a job's Config are exposed in at least a couple of places including the logs (logged by SamzaContainer), and the ApplicationMaster UI's config page.  There is a security concern with doing that if sensitive information (e.g. credentials) is stored there.  It would be nice to be able to mark sensitive config values so that they are not displayed in such ways.  The only thing that springs to mind is a special naming convention, perhaps a "sensitive" prefix that would identify these values.  Ideally such a capability would be baked into Config itself, but minimally Samza code that exposes Config could be made aware of the convention to avoid displaying the plaintext of sensitive values.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
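
A sketch of the two ideas in this thread, the "sensitive" key prefix from the issue and scrubbing by key name as in the comment, written as an added example that is not Samza or Sentry code. The `sensitive.` spelling, the key-name pattern, the mask string and the `RedactingConfig` class are all assumptions made for illustration.

```python
import re

MASK = "********"                 # assumed placeholder shown instead of the value
SENSITIVE_PREFIX = "sensitive."   # assumed spelling of the prefix proposed in the issue
# Assumed fallback heuristic for unflagged keys that usually hold credentials.
SUSPECT_KEY = re.compile(r"passw(or)?d|secret|token|api[_.-]?key|credential", re.I)


def is_sensitive(key):
    """True when the key is explicitly flagged or its name looks like a credential."""
    return key.startswith(SENSITIVE_PREFIX) or bool(SUSPECT_KEY.search(key))


class RedactingConfig(dict):
    """Hypothetical config map: code reads real values, string forms show masks."""

    def __init__(self, values, carried=None):
        super().__init__(values)
        # Keys that were sensitive under an earlier, longer name (see subset()).
        self._carried = set(carried or ())

    def hides(self, key):
        return key in self._carried or is_sensitive(key)

    def redacted(self):
        """Plain dict that is safe to log or render on a UI page."""
        return {k: (MASK if self.hides(k) else v) for k, v in self.items()}

    def __repr__(self):  # str(), "%s" and f-strings on a dict all end up here
        return repr(self.redacted())

    def subset(self, prefix):
        """Keys under prefix with the prefix stripped; sensitivity carries over."""
        n = len(prefix)
        picked = {k[n:]: v for k, v in self.items() if k.startswith(prefix)}
        carried = {k[n:] for k in self if k.startswith(prefix) and self.hides(k)}
        return RedactingConfig(picked, carried)


# Constructed sample job config; keys and values are made up for this example.
job = RedactingConfig({
    "job.name": "wikipedia-feed",
    "sensitive.jdbc.url": "jdbc:postgresql://db/prod?user=svc&x=hunter2",
    "systems.kafka.sasl.password": "s3cr3t",
    "task.window.ms": "1000",
})

if __name__ == "__main__":
    print("Config:", job, "| stripped subset:", job.subset("sensitive."))
```

Masking here only covers the string forms: `dict(job)` or `json.dumps(job)` still emit the real values, so any code that serializes the config has to go through `redacted()`.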