You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@ambari.apache.org by "Charles Llewellyn (JIRA)" <ji...@apache.org> on 2015/03/24 15:35:03 UTC

[jira] [Created] (AMBARI-10192) Encrypt all passwords

Charles Llewellyn created AMBARI-10192:
------------------------------------------

             Summary: Encrypt all passwords
                 Key: AMBARI-10192
                 URL: https://issues.apache.org/jira/browse/AMBARI-10192
             Project: Ambari
          Issue Type: Improvement
          Components: ambari-web
    Affects Versions: 1.6.1
            Reporter: Charles Llewellyn
            Priority: Minor


Hi,

We recently had a pen test conducted against Ambari. One of the issues highlighted was being able to return the Nagios password in clear text via the API. Is it possible to encrypt the password to prevent this behavior?

Thanks

Charlie



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)