[ https://issues.apache.org/jira/browse/LIVY-833?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Saisai Shao closed LIVY-833. ---------------------------- Resolution: Won't Fix > Livy allows users to see password in config files > (spark.ssl.keyPassword,spark.ssl.keyStorePassword,spark.ssl.trustStorePassword, > etc) > -------------------------------------------------------------------------------------------------------------------------------------- > > Key: LIVY-833 > URL: https://issues.apache.org/jira/browse/LIVY-833 > Project: Livy > Issue Type: Bug > Components: Server > Affects Versions: 0.7.0 > Reporter: Kaidi Zhao > Priority: Major > Labels: security > > It looks like a regular user (client) of Livy, can use commands like: > spark.sparkContext.getConf().getAll() > The command will retry all spark configurations including those passwords > (such as spark.ssl.trustStorePassword, spark.ssl.keyPassword). > I would suggest to block / mask these password. > PS, Spark's UI fixed this issue in this > https://issues.apache.org/jira/browse/SPARK-16796 -- This message was sent by Atlassian Jira (v8.3.4#803005)