[ https://issues.apache.org/jira/browse/HADOOP-13494?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Sean Mackrory updated HADOOP-13494: ----------------------------------- Attachment: HADOOP-13494.001.patch Attaching a patch with a simple approach. It'd be nice to have some mechanism where modules that define config parameters (e.g. Constants.java under s3a) can say which ones are sensitive. But that seems a recipe for over-engineering to me... I think a list of patterns will be best. Any suggestions of other patterns that belong on the list would be welcome... > ReconfigurableBase can log sensitive information > ------------------------------------------------ > > Key: HADOOP-13494 > URL: https://issues.apache.org/jira/browse/HADOOP-13494 > Project: Hadoop Common > Issue Type: Bug > Reporter: Sean Mackrory > Assignee: Sean Mackrory > Attachments: HADOOP-13494.001.patch > > > ReconfigurableBase will log old and new configuration values, which may cause > sensitive parameters (most notably cloud storage keys, though there may be > other instances) to get included in the logs. > Given the currently small list of reconfigurable properties, an argument > could be made for simply not logging the property values at all, but this is > not the only instance where potentially sensitive configuration gets written > somewhere else in plaintext. I think a generic mechanism for redacting > sensitive information for textual display will be useful to some of the web > UIs too. -- This message was sent by Atlassian JIRA (v6.3.4#6332) --------------------------------------------------------------------- To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org