[ https://issues.apache.org/jira/browse/HADOOP-15325?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16420039#comment-16420039 ]
Konstantin Shvachko commented on HADOOP-15325: ---------------------------------------------- Hey [~ste...@apache.org] there is another jira HDFS-13366 to deprecate password fields. Could you please explain there the google cloud service use case in more details. I thought we should not store plain-text passwords in config files ever since it is not secure, but may be I missed some cases. > Make Configuration#getPasswordFromCredentialsProvider() a public API > -------------------------------------------------------------------- > > Key: HADOOP-15325 > URL: https://issues.apache.org/jira/browse/HADOOP-15325 > Project: Hadoop Common > Issue Type: Improvement > Components: conf > Affects Versions: 2.6.0 > Reporter: Wei-Chiu Chuang > Assignee: Zsolt Venczel > Priority: Major > > HADOOP-10607 added a public API Configuration.getPassword() which reads > passwords from credential provider and then falls back to reading from > configuration if one is not available. > This API has been used throughout Hadoop codebase and downstream > applications. It is understandable for old password configuration keys to > fallback to configuration to maintain backward compatibility. But for new > configuration passwords that don't have legacy, there should be an option to > _not_ fallback, because storing passwords in configuration is considered a > bad security practice. -- This message was sent by Atlassian JIRA (v7.6.3#76005) --------------------------------------------------------------------- To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org