You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@accumulo.apache.org by "John Vines (Created) (JIRA)" <ji...@apache.org> on 2012/03/22 18:52:22 UTC

[jira] [Created] (ACCUMULO-489) Input Format puts Base64 encoded passwords in Configuration, which is world readable

Input Format puts Base64 encoded passwords in Configuration, which is world readable
------------------------------------------------------------------------------------

                 Key: ACCUMULO-489
                 URL: https://issues.apache.org/jira/browse/ACCUMULO-489
             Project: Accumulo
          Issue Type: Improvement
          Components: client
    Affects Versions: 1.3.5, 1.4.0
            Reporter: John Vines
            Assignee: John Vines
             Fix For: 1.4.1


This has been a known issue, but I think it's about time we address it. Whena  user sets up a mapreduce, they set their password in the configuration (Base64 encoded). This configuration is world readable, meaning passwords are out there in cleartext. We need a mechanism in place to try to keep this data private.

In hadoop 0.20.203, the private distributed cache was implemented. Any file placed in the distributed cache which is not world readable/not in folders world executable automatically get placed in the private distributed cache. The protection mechanism is simply being in the tasktracker's local directory under a folder for the user with restricted permissions. This should be adequate for protecting a users Accumulo password. So this should be as simple as checking the set/getPassword functions to utilize this space rather than the configuration.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira