You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@ambari.apache.org by "Sumit Mohanty (JIRA)" <ji...@apache.org> on 2016/03/28 23:55:25 UTC

[jira] [Resolved] (AMBARI-12634) Clear passwords can be seen on Ambari UI service Configs tab via browser developer tool

     [ https://issues.apache.org/jira/browse/AMBARI-12634?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Sumit Mohanty resolved AMBARI-12634.
------------------------------------
    Resolution: Duplicate

Implemented as part of the linked JIRA.

> Clear passwords can be seen on Ambari UI service Configs tab via browser developer tool
> ---------------------------------------------------------------------------------------
>
>                 Key: AMBARI-12634
>                 URL: https://issues.apache.org/jira/browse/AMBARI-12634
>             Project: Ambari
>          Issue Type: Improvement
>          Components: ambari-server
>    Affects Versions: 2.1.0
>            Reporter: Yu Gao
>              Labels: security
>
> HTML password type hides passwords with **** on the service Configs page. However, everyone including non-admin users who has ambari access with READ-ONLY permission can see the real content of the passwords through developer tools, like firebug in firefox. For example, the database passwords for oozie/hive and master secret for knox are exposed in this way.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)