You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@ambari.apache.org by "Sumit Mohanty (JIRA)" <ji...@apache.org> on 2016/03/28 23:55:25 UTC
[jira] [Resolved] (AMBARI-12634) Clear passwords can be seen on
Ambari UI service Configs tab via browser developer tool
[ https://issues.apache.org/jira/browse/AMBARI-12634?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Sumit Mohanty resolved AMBARI-12634.
------------------------------------
Resolution: Duplicate
Implemented as part of the linked JIRA.
> Clear passwords can be seen on Ambari UI service Configs tab via browser developer tool
> ---------------------------------------------------------------------------------------
>
> Key: AMBARI-12634
> URL: https://issues.apache.org/jira/browse/AMBARI-12634
> Project: Ambari
> Issue Type: Improvement
> Components: ambari-server
> Affects Versions: 2.1.0
> Reporter: Yu Gao
> Labels: security
>
> HTML password type hides passwords with **** on the service Configs page. However, everyone including non-admin users who has ambari access with READ-ONLY permission can see the real content of the passwords through developer tools, like firebug in firefox. For example, the database passwords for oozie/hive and master secret for knox are exposed in this way.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)