Posted to dev@zeppelin.apache.org by tinkoff-dwh <gi...@git.apache.org> on 2017/03/16 09:17:46 UTC

[GitHub] zeppelin pull request #2145: [ZEPPELIN-2271] encoding password of credential...

GitHub user tinkoff-dwh opened a pull request:

    https://github.com/apache/zeppelin/pull/2145

    [ZEPPELIN-2271] encoding password of credentials

    ### What is this PR for?
    Added a simple encoding of the password in the file (the credentials.json). The application administrator (Zeppelin), who has access to the file, should not see user passwords, at least not as plain text.
    
    ### What type of PR is it?
    Improvement 
    
    ### Todos
    - [ ] remove credentials.json (if it exists)
    
    ### What is the Jira issue?
    https://issues.apache.org/jira/browse/ZEPPELIN-2271
    
    ### How should this be tested?
    Add credentials:
      Entity: test.test
      Username: user
      Password: passwd
    
    Check the content of the file **credentials.conf**; the password should not equal "passwd"
    
    ### Questions:
    * Do the license files need an update? no
    * Are there breaking changes for older versions? no
    * Does this need documentation? no


You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/tinkoff-dwh/zeppelin ZEPPELIN-2271

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/zeppelin/pull/2145.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #2145
    
----
commit ed27563102a0de46f867ce0cb92c9205320a8b3f
Author: Tinkoff DWH <ti...@gmail.com>
Date:   2017-03-16T06:46:15Z

    [ZEPPELIN-2271] encoding password of credentials

----


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] zeppelin issue #2145: [ZEPPELIN-2271] encoding password of credentials

Posted by zjffdu <gi...@git.apache.org>.
Github user zjffdu commented on the issue:

    https://github.com/apache/zeppelin/pull/2145
  
    I think zeppelin should provide a pluggable interface for password storing and encrypting. Zeppelin could provide its default implementation for that but allow for extension. Storing the password in a file is not a mature and long-term solution to me.



[GitHub] zeppelin issue #2145: [ZEPPELIN-2271] encoding password of credentials

Posted by dwhsys <gi...@git.apache.org>.
Github user dwhsys commented on the issue:

    https://github.com/apache/zeppelin/pull/2145
  
    @felixcheung @jongyoul,
    I want to discuss the problem of "false sense of security". I hope that anyone who wants to use the "credentials feature" in an enterprise solution will be aware of the low security of storing passwords in a file (even encrypted). And I agree with @zjffdu about the temporary nature of this mechanism. But here we have one obvious benefit: we do not allow someone with good intentions to see credentials accidentally. So it may be reason enough to implement this PR. I'm not really sure of my rationale. Waiting for your reply.



[GitHub] zeppelin pull request #2145: [ZEPPELIN-2271] encoding password of credential...

Posted by tinkoff-dwh <gi...@git.apache.org>.
Github user tinkoff-dwh closed the pull request at:

    https://github.com/apache/zeppelin/pull/2145



[GitHub] zeppelin issue #2145: [ZEPPELIN-2271] encoding password of credentials

Posted by jongyoul <gi...@git.apache.org>.
Github user jongyoul commented on the issue:

    https://github.com/apache/zeppelin/pull/2145
  
    I agree with @felixcheung. I'm not sure what the benefit is.



[GitHub] zeppelin issue #2145: [ZEPPELIN-2271] encoding password of credentials

Posted by tinkoff-dwh <gi...@git.apache.org>.
Github user tinkoff-dwh commented on the issue:

    https://github.com/apache/zeppelin/pull/2145
  
    @herval 
    link?



[GitHub] zeppelin issue #2145: [ZEPPELIN-2271] encoding password of credentials

Posted by herval <gi...@git.apache.org>.
Github user herval commented on the issue:

    https://github.com/apache/zeppelin/pull/2145
  
    https://github.com/herval/zeppelin/tree/encrypt-credentials



[GitHub] zeppelin issue #2145: [ZEPPELIN-2271] encoding password of credentials

Posted by felixcheung <gi...@git.apache.org>.
Github user felixcheung commented on the issue:

    https://github.com/apache/zeppelin/pull/2145
  
    I'm concerned that this would give people a false sense of security...



[GitHub] zeppelin issue #2145: [ZEPPELIN-2271] encoding password of credentials

Posted by herval <gi...@git.apache.org>.
Github user herval commented on the issue:

    https://github.com/apache/zeppelin/pull/2145
  
    I've implemented something slightly similar here, except I'm actually encrypting the entire file using AES, using a passphrase you provide (which can live in memory)
    
    it's not ideal, but as others stated, it's better than no protection at all.
    
    thoughts?


---