[ https://issues.apache.org/jira/browse/HADOOP-15325?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16414720#comment-16414720 ]
Larry McCay commented on HADOOP-15325:
--------------------------------------

All of that said, if you did want to codify that decision, you could just make the getPasswordFromCredentialsProvider method public and use that directly.

> Add an option to make Configuration.getPassword() not to fallback to read passwords from configuration.
> -------------------------------------------------------------------------------------------------------
>
>                 Key: HADOOP-15325
>                 URL: https://issues.apache.org/jira/browse/HADOOP-15325
>             Project: Hadoop Common
>          Issue Type: Improvement
>          Components: conf
>    Affects Versions: 2.6.0
>            Reporter: Wei-Chiu Chuang
>            Assignee: Zsolt Venczel
>            Priority: Major
>
> HADOOP-10607 added a public API Configuration.getPassword() which reads
> passwords from credential provider and then falls back to reading from
> configuration if one is not available.
> This API has been used throughout Hadoop codebase and downstream
> applications. It is understandable for old password configuration keys to
> fall back to configuration to maintain backward compatibility. But for new
> configuration passwords that don't have legacy, there should be an option to
> _not_ fall back, because storing passwords in configuration is considered a
> bad security practice.
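
The no-fallback lookup discussed in this issue, as an added example that is not part of the original message or of Hadoop itself. It assumes hadoop-common is on the classpath and uses `Configuration.getPasswordFromCredentialProviders(String)`, which a subclass can call; the class name `StrictPasswordConfiguration`, the method `getPasswordNoFallback` and the key `example.service.keystore.password` are hypothetical.

```java
import java.io.IOException;
import org.apache.hadoop.conf.Configuration;

/** Hypothetical subclass (not Hadoop code): password lookup without the clear-text fallback. */
public class StrictPasswordConfiguration extends Configuration {

  public StrictPasswordConfiguration(boolean loadDefaults) {
    super(loadDefaults);
  }

  /**
   * Resolve a password from the configured credential providers only.
   * Unlike getPassword(), a value stored under the same key in the
   * configuration itself is never returned.
   */
  public char[] getPasswordNoFallback(String name) throws IOException {
    char[] pass = getPasswordFromCredentialProviders(name);
    if (pass == null) {
      throw new IOException("No credential provider entry for '" + name
          + "'; refusing to read it from configuration");
    }
    return pass;
  }

  public static void main(String[] args) throws IOException {
    // Constructed sample: a new-style key whose value was put in the
    // configuration in clear text, with no credential provider configured.
    String key = "example.service.keystore.password"; // hypothetical key
    StrictPasswordConfiguration conf = new StrictPasswordConfiguration(false);
    conf.set(key, "clear-text-secret");

    // Stock behaviour: the fallback hands back the clear-text value.
    char[] viaFallback = conf.getPassword(key);
    System.out.println("getPassword() returned a value: " + (viaFallback != null));

    // Strict behaviour: the misconfiguration surfaces as an error.
    try {
      conf.getPasswordNoFallback(key);
    } catch (IOException e) {
      System.out.println("strict lookup failed: " + e.getMessage());
    }
  }
}
```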