You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@kudu.apache.org by "Todd Lipcon (JIRA)" <ji...@apache.org> on 2017/01/04 22:31:58 UTC
[jira] [Commented] (KUDU-387) Implement a flag to prevent
disclosure of user data in logs/UI
[ https://issues.apache.org/jira/browse/KUDU-387?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15799557#comment-15799557 ]
Todd Lipcon commented on KUDU-387:
----------------------------------
KUDU-1812 did a bunch of work on this. For that JIRA we were mostly focusing on the logs, since those are often collected/reported back to services like Splunk/ELK/etc and in many cases even sent outside the network to vendors/mailing lists to help diagnose issues.
We didn't focus much on the web UIs for KUDU-1812 though. I think we might have covered web UIs along the way "by accident" but leaving this open to do a more careful assessment before we claim that web UIs are fully redacted.
> Implement a flag to prevent disclosure of user data in logs/UI
> --------------------------------------------------------------
>
> Key: KUDU-387
> URL: https://issues.apache.org/jira/browse/KUDU-387
> Project: Kudu
> Issue Type: Task
> Components: ops-tooling, security
> Affects Versions: Backlog
> Reporter: Todd Lipcon
>
> Eventually we'd like to support confidential info in Kudu. That means we shouldn't end up putting user data into the logs or web UI. We need to do a pretty full audit of where that data might end up leaking, and then add some kind of flag (since it's useful to have in logs if you don't need the security feature)
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)