[jira] [Updated] (OOZIE-2244) Oozie should mask passwords in the logs when logging command arguments

Venkat Ranganathan (JIRA) Thu, 21 May 2015 12:04:49 -0700

     [ 
https://issues.apache.org/jira/browse/OOZIE-2244?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Venkat Ranganathan updated OOZIE-2244:
--------------------------------------
    Summary: Oozie should mask passwords in the logs when logging command 
arguments  (was: Oozie should mask passwords in the logs when provided as 
command arguments)

> Oozie should mask passwords in the logs when logging command arguments
> ----------------------------------------------------------------------
>
>                 Key: OOZIE-2244
>                 URL: https://issues.apache.org/jira/browse/OOZIE-2244
>             Project: Oozie
>          Issue Type: Bug
>    Affects Versions: 4.1.0, 4.0.1
>         Environment: All
>            Reporter: Venkat Ranganathan
>            Assignee: Venkat Ranganathan
>            Priority: Critical
>
> Users have complained that oozie logging the password related argument values 
> in the launcher log is a security hole and want it to be masked in the 
> output.   Even password aliases in keystore are considered to be a security 
> hole.
> The fix is to mask any argument values if option name contains the string 
> password (which is true for Sqoop).   We do this in multiple places, in Sqoop 
> main, in Launcher Mapper, in JavaMain as well.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Updated] (OOZIE-2244) Oozie should mask passwords in the logs when logging command arguments

Reply via email to