This is security through obscurity, an obvious and a well-known anti pattern. I suppose that printing jvm options, that is registered by @IgniteSystemProperty annotation is an ideal variant
чт, 1 июл. 2021 г., 19:25 Valentin Kulichenko <valentin.kuliche...@gmail.com >: > Folks, > > *Anything* that a user provides to the system can potentially be considered > sensitive information. This includes the VM arguments. We can't predict > what exactly one can put there, so let's not make assumptions. > > When dealing with security, we should be as conservative as possible. That > said, I do not even agree with the pattern approach - there might be a > user's system property named IGNITE_xxx. It is also possible for our > internal properties to contain sensitive information (not all of them are > boolean flags). > > The only option I see is to print out specific properties for which we > agree that they are safe. For example, we can introduce an annotation that > would mark "safe" properties in IgniteSystemProperties; we will then print > out only those that are marked with the annotation. > > -Val > > > On Thu, Jul 1, 2021 at 7:07 AM Вячеслав Коптилин <slava.kopti...@gmail.com > > > wrote: > > > Hello Ivan, > > > > > At least, we could just hide params that match a specific pattern > > Yes, we can filter out all vm options that do not relate to Ignite, for > > instance. > > > > > Ilya, go ahead, file ticket and prepare a PR. > > Please do not rush. Let's listen to other community members. This > question > > is about security and it should not be discussed in a hurry (even though > it > > looks like an obvious thing). > > > > Thanks, > > S. > > > > чт, 1 июл. 2021 г. в 16:55, Ivan Daschinsky <ivanda...@gmail.com>: > > > > > I suppose, that all normal users should not suffer from this > > restrictions. > > > Nobody will pass password using jvm options. It is absolutely insane, > > > normal users pass passwords using environment variables. > > > > > > At least, we could just hide params that match specific pattern > > > > > > Ilya, go ahead, file ticket and prepare a PR. > > > > > > чт, 1 июл. 2021 г., 16:45 Вячеслав Коптилин <slava.kopti...@gmail.com > >: > > > > > > > Hello, > > > > > > > > Unfortunately, the user can pass its own system properties via JVM > > > options > > > > as follows: -DMY_SECRET_PASSWORD=123 > > > > It does not seem, this approach is the best one. However, the user > > should > > > > have a "kostyl" in order to hide these properties and values in the > log > > > > file, IMHO. > > > > > > > > Thanks, > > > > S. > > > > > > > > ср, 30 июн. 2021 г. в 22:52, Shishkov Ilya <shishkovi...@gmail.com>: > > > > > > > > > Hi Igniters, > > > > > > > > > > This feature [1, 2] prevents logging of the VM arguments when > > > > > IGNITE_TO_STRING_INCLUDE_SENSITIVE option is set to false. Till > now, > > > > method > > > > > IgniteKernal#ackVmArguments remains mostly the same [3]. > > > > > > > > > > Is this behaviour actual now? Often, we should be able to get from > > logs > > > > the > > > > > actual VM options used at startup even if output of sensitive data > is > > > > > restricted. > > > > > > > > > > 1. https://issues.apache.org/jira/browse/IGNITE-4991 > > > > > 2. > > > > > > > > > > > > > > > > > > > > https://github.com/apache/ignite/pull/2428/commits/4f90b6fd77bd23fa818620f0757b792ba388ef93 > > > > > 3. > > > > > > > > > > > > > > > > > > > > https://github.com/apache/ignite/blob/master/modules/core/src/main/java/org/apache/ignite/internal/IgniteKernal.java#L3002 > > > > > > > > > > > > > > >
