Posted to issues@trafodion.apache.org by "Roberta Marton (JIRA)" <ji...@apache.org> on 2016/06/10 15:14:20 UTC

[jira] [Created] (TRAFODION-2049) Securely store passwords for Trafodion use.

Roberta Marton created TRAFODION-2049:
-----------------------------------------

             Summary: Securely store passwords for Trafodion use.
                 Key: TRAFODION-2049
                 URL: https://issues.apache.org/jira/browse/TRAFODION-2049
             Project: Apache Trafodion
          Issue Type: Sub-task
          Components: sql-security
            Reporter: Roberta Marton


Today, passwords are stored in the clear in a config file while the installation or upgrade is running.  After the installation completes, the passwords are removed.  However, passwords still remain in the clear in the temp config file used by the installer - people have read access.  This needs to be fixed.
In addition, the Kerberos admin password is not saved but is asked for when needed to secure the install.  This is painful because you need to watch for the prompt.

There needs to be a way to store passwords securely on the system and/or not store passwords but ask for them every time.  Perhaps using some encryption algorithm to save passwords in a file that can be encrypted when needed.  Investigation into the best mechanism is needed.


