[ https://issues.apache.org/jira/browse/HADOOP-15325?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16416122#comment-16416122 ]
Konstantin Shvachko commented on HADOOP-15325:
----------------------------------------------

??I think that you are viewing the use of getPassword as a mechanism only to be used for old passwords that used to be stored in configuration and that any new ones should use the credential provider API directly instead.??

Hi [~lmccay], you are exactly right. And even though {{getPassword()}} is nice and convenient, we need some way to introduce a new practice, which avoids adding passwords into configs. So {{public getPasswordFromCredentialsProvider()}} as you and [~jojochuang] suggested should serve this purpose well.

I am not in favor of adding the extra FALLBACK parameter because it is quite confusing / complicates configuration. I mean you really have to look in the code to understand what it means. And potentially read this discussion to understand the background.

I also think we should deprecate all existing password fields in current configuration and backport it into downstream versions, so that we could remove them some time in the future.

> Add an option to make Configuration.getPassword() not to fallback to read passwords from configuration.
> -------------------------------------------------------------------------------------------------------
>
>                 Key: HADOOP-15325
>                 URL: https://issues.apache.org/jira/browse/HADOOP-15325
>             Project: Hadoop Common
>          Issue Type: Improvement
>          Components: conf
>    Affects Versions: 2.6.0
>            Reporter: Wei-Chiu Chuang
>            Assignee: Zsolt Venczel
>            Priority: Major
>
> HADOOP-10607 added a public API Configuration.getPassword() which reads
> passwords from credential provider and then falls back to reading from
> configuration if one is not available.
> This API has been used throughout Hadoop codebase and downstream
> applications. It is understandable for old password configuration keys to
> fall back to configuration to maintain backward compatibility.
> But for new configuration passwords that don't have legacy, there should be
> an option to _not_ fall back, because storing passwords in configuration is
> considered a bad security practice.
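The fallback behaviour described in the issue, as an added example that is not part of the original message or of Hadoop's code base. It assumes hadoop-common is on the classpath; the helper `getPasswordNoFallback` and the key `example.new.service.password` are hypothetical, and the secret value is constructed.

```java
import java.io.IOException;
import org.apache.hadoop.conf.Configuration;

public class StrictPasswordLookup {
  // Existing Hadoop switch read by getPassword() before it falls back to the
  // clear-text configuration value (CredentialProvider.CLEAR_TEXT_FALLBACK).
  // It defaults to true.
  static final String CLEAR_TEXT_FALLBACK =
      "hadoop.security.credential.clear-text-fallback";

  /** Hypothetical helper: resolve a password from credential providers only. */
  static char[] getPasswordNoFallback(Configuration conf, String key)
      throws IOException {
    // Work on a copy so the caller's configuration is left untouched.
    Configuration strict = new Configuration(conf);
    strict.setBoolean(CLEAR_TEXT_FALLBACK, false);
    char[] pw = strict.getPassword(key);
    if (pw == null && conf.get(key) != null) {
      // No provider holds the alias, but a clear-text value is present.
      throw new IOException(key + " is set in clear text in the configuration; "
          + "store it in a credential provider instead");
    }
    return pw; // null when the key is defined nowhere
  }

  public static void main(String[] args) throws IOException {
    Configuration conf = new Configuration(false); // skip default resources
    conf.set("example.new.service.password", "constructed-secret"); // constructed

    // Default behaviour: no credential provider is configured, so
    // getPassword() returns the clear-text value from the configuration.
    char[] viaFallback = conf.getPassword("example.new.service.password");
    System.out.println("getPassword(): "
        + (viaFallback != null ? "resolved from configuration" : "null"));

    // Strict lookup: the same key is rejected because only clear text exists.
    try {
      getPasswordNoFallback(conf, "example.new.service.password");
      System.out.println("strict lookup: resolved from a credential provider");
    } catch (IOException e) {
      System.out.println("strict lookup: " + e.getMessage());
    }
  }
}
```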