You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@accumulo.apache.org by "John Vines (Created) (JIRA)" <ji...@apache.org> on 2012/03/22 18:52:22 UTC
[jira] [Created] (ACCUMULO-489) Input Format puts Base64 encoded
passwords in Configuration, which is world readable
Input Format puts Base64 encoded passwords in Configuration, which is world readable
------------------------------------------------------------------------------------
Key: ACCUMULO-489
URL: https://issues.apache.org/jira/browse/ACCUMULO-489
Project: Accumulo
Issue Type: Improvement
Components: client
Affects Versions: 1.3.5, 1.4.0
Reporter: John Vines
Assignee: John Vines
Fix For: 1.4.1
This has been a known issue, but I think it's about time we address it. Whena user sets up a mapreduce, they set their password in the configuration (Base64 encoded). This configuration is world readable, meaning passwords are out there in cleartext. We need a mechanism in place to try to keep this data private.
In hadoop 0.20.203, the private distributed cache was implemented. Any file placed in the distributed cache which is not world readable/not in folders world executable automatically get placed in the private distributed cache. The protection mechanism is simply being in the tasktracker's local directory under a folder for the user with restricted permissions. This should be adequate for protecting a users Accumulo password. So this should be as simple as checking the set/getPassword functions to utilize this space rather than the configuration.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira