You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@ranger.apache.org by "Madhan Neethiraj (Jira)" <ji...@apache.org> on 2022/07/25 18:07:00 UTC

[jira] [Updated] (RANGER-3822) RangerService outputs password information in plaintext

     [ https://issues.apache.org/jira/browse/RANGER-3822?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Madhan Neethiraj updated RANGER-3822:
-------------------------------------
    Fix Version/s: 2.4.0

> RangerService outputs password information in plaintext
> -------------------------------------------------------
>
>                 Key: RANGER-3822
>                 URL: https://issues.apache.org/jira/browse/RANGER-3822
>             Project: Ranger
>          Issue Type: Improvement
>          Components: admin
>    Affects Versions: 1.2.0, 2.2.0
>            Reporter: Binhua Hu
>            Assignee: Binhua Hu
>            Priority: Major
>             Fix For: 3.0.0, 2.4.0
>
>          Time Spent: 0.5h
>  Remaining Estimate: 0h
>
> RangerService outputs information in plaintext, causing the component password to be leaked.For example, when the Ranger service with the same name is created repeatedly, the password information of relevant components will be printed in the log.
> {code:java}
> 2022-07-11 10:08:59,505 [http-bio-6080-exec-4] ERROR org.apache.ranger.rest.ServiceRest(SericeREST.java:672) - createService(RangerService={id={null} guid={null} isEnabled={true} createdBy={null} updateBy={null} createTime={Thu Jan 01 08:00:00 GMT+8:00 1970} updateTime={Thu Jan 01 08:00:00 GMT+8:00 1970} version={1} name={service-kafka} type={kafka} description={null} tagService={null} configs={password={123456} username={admin}} policyVersion={0} policyUpdateTime={Thu Jan 01 08:00:00 GMT+8:00 1970} tagVersion={1} tagUpdateTime={Thu Jan 01 08:00:00 GMT+8:00 1970}}) failed{code}



--
This message was sent by Atlassian Jira
(v8.20.10#820010)