[jira] [Commented] (HADOOP-15325) Add an option to make Configuration.getPassword() not to fallback to read passwords from configuration.

Tue, 27 Mar 2018 12:24:19 -0700 

    [ 
https://issues.apache.org/jira/browse/HADOOP-15325?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16416122#comment-16416122
 ] 

Konstantin Shvachko commented on HADOOP-15325:
----------------------------------------------

??I think that you are viewing the use of getPassword as a mechanism only to be 
used for old passwords that used to be stored in configuration and that any new 
ones should use the credential provider API directly instead.??

Hi [~lmccay], you are exactly right. And even though {{getPassowrd()}} is nice 
and convenient, we need some way to introduce new practice, which avoids adding 
passwords into configs. So {{public getPasswordFromCredentialsProvider()}} as 
you and [~jojochuang] suggested should serve this purpose well.
I am not in favor of adding the extra FALLBACK parameter because it is quite 
confusing / complicates configuration. I mean you really have to look in the 
code to understand what it means. And potentially read this discussion to 
understand the background.

I also think we should deprecate all existing password fields in current 
configuration and backport it into downstream versions, so that we could remove 
them some time in the future.

> Add an option to make Configuration.getPassword() not to fallback to read 
> passwords from configuration.
> -------------------------------------------------------------------------------------------------------
>
>                 Key: HADOOP-15325
>                 URL: https://issues.apache.org/jira/browse/HADOOP-15325
>             Project: Hadoop Common
>          Issue Type: Improvement
>          Components: conf
>    Affects Versions: 2.6.0
>            Reporter: Wei-Chiu Chuang
>            Assignee: Zsolt Venczel
>            Priority: Major
>
> HADOOP-10607 added a public API Configuration.getPassword() which reads 
> passwords from credential provider and then falls back to reading from 
> configuration if one is not available.
> This API has been used throughout Hadoop codebase and downstream 
> applications. It is understandable for old password configuration keys to 
> fallback to configuration to maintain backward compatibility. But for new 
> configuration passwords that don't have legacy, there should be an option to 
> _not_ fallback, because storing passwords in configuration is considered a 
> bad security practice.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: common-issues-h...@hadoop.apache.org

Reply via email to