Posted to dev@zeppelin.apache.org by "Supreeth Sharma (JIRA)" <ji...@apache.org> on 2018/03/13 08:31:00 UTC
[jira] [Created] (ZEPPELIN-3323) SSL Passwords are stored in plaintext and world readable in zeppelin-site.xml
Supreeth Sharma created ZEPPELIN-3323:
-----------------------------------------
Summary: SSL Passwords are stored in plaintext and world readable in zeppelin-site.xml
Key: ZEPPELIN-3323
URL: https://issues.apache.org/jira/browse/ZEPPELIN-3323
Project: Zeppelin
Issue Type: Bug
Components: zeppelin-server
Affects Versions: 0.7.3
Reporter: Supreeth Sharma
'zeppelin.ssl.key.manager.password', 'zeppelin.ssl.keystore.password', 'zeppelin.ssl.truststore.password' are stored as plaintext in zeppelin-site.xml and by default everybody has read permission on this file.
{code}
[root@ctr-e138-1518143905142-88013-01-000003 ~]# ls -ltr /etc/zeppelin/conf/zeppelin-site.xml
-rw-r--r-- 1 zeppelin zeppelin 4090 Mar 11 16:30 /etc/zeppelin/conf/zeppelin-site.xml
{code}
Either we should encrypt these passwords or at least have appropriate file permissions to restrict everyone from reading the password.
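An audit for the condition reported above, as an added example that is not part of the original message or of Zeppelin: it flags a zeppelin-site.xml that holds any of the three SSL password properties while group or others can read it. It assumes Hadoop-style `<name>` elements without inner whitespace; the function names, the constructed sample file and the `chmod 600` mitigation are assumptions.

```shell
#!/bin/sh
# Added example, not from the report: flag a zeppelin-site.xml that holds SSL
# password properties while group or others can read it.

# Property names as listed in the report.
SSL_PASSWORD_PROPS="zeppelin.ssl.key.manager.password
zeppelin.ssl.keystore.password
zeppelin.ssl.truststore.password"

# Print the names (never the values) of SSL password properties in file $1.
ssl_password_props_present() {
    for _prop in $SSL_PASSWORD_PROPS; do
        if grep -qF "<name>${_prop}</name>" "$1"; then
            printf '%s\n' "$_prop"
        fi
    done
}

# True if the ls -l mode string (e.g. -rw-r--r--) has group or other read set.
readable_beyond_owner() {
    case $(ls -ld -- "$1" | cut -c1-10) in
        ????r*|???????r*) return 0 ;;
    esac
    return 1
}

# 0 = ok, 1 = passwords in a file readable beyond its owner, 2 = file missing.
audit_zeppelin_site() {
    [ -f "$1" ] || { echo "not found: $1" >&2; return 2; }
    _found=$(ssl_password_props_present "$1")
    if [ -n "$_found" ] && readable_beyond_owner "$1"; then
        echo "EXPOSED: $1 mode $(ls -ld -- "$1" | cut -c1-10) holds:" >&2
        printf '  %s\n' $_found >&2
        return 1
    fi
    return 0
}

# Demo on a constructed sample file (placeholder value, not a real password).
demo_dir=$(mktemp -d)
demo_file="$demo_dir/zeppelin-site.xml"
printf '%s\n' '<configuration><property>' \
    '<name>zeppelin.ssl.keystore.password</name><value>CONSTRUCTED</value>' \
    '</property></configuration>' > "$demo_file"
chmod 644 "$demo_file"; audit_zeppelin_site "$demo_file" || echo "exit status $?"
# Assumed mitigation: owner-only access for the service account.
chmod 600 "$demo_file"; audit_zeppelin_site "$demo_file" && echo "ok after chmod 600"
rm -rf "$demo_dir"
```

The name match also hits properties inside XML comments, so a flagged file should be reviewed by hand before being treated as exposed.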