Input Format puts Base64 encoded passwords in Configuration, which is world
readable
------------------------------------------------------------------------------------
Key: ACCUMULO-489
URL: https://issues.apache.org/jira/browse/ACCUMULO-489
Project: Accumulo
Issue Type: Improvement
Components: client
Affects Versions: 1.3.5, 1.4.0
Reporter: John Vines
Assignee: John Vines
Fix For: 1.4.1
This has been a known issue, but I think it's about time we address it. Whena
user sets up a mapreduce, they set their password in the configuration (Base64
encoded). This configuration is world readable, meaning passwords are out there
in cleartext. We need a mechanism in place to try to keep this data private.
In hadoop 0.20.203, the private distributed cache was implemented. Any file
placed in the distributed cache which is not world readable/not in folders
world executable automatically get placed in the private distributed cache. The
protection mechanism is simply being in the tasktracker's local directory under
a folder for the user with restricted permissions. This should be adequate for
protecting a users Accumulo password. So this should be as simple as checking
the set/getPassword functions to utilize this space rather than the
configuration.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
