[ https://issues.apache.org/jira/browse/OOZIE-2244?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15393253#comment-15393253 ]
Venkat Ranganathan commented on OOZIE-2244: ------------------------------------------- IMO We probably should finish this patch as it is this for Sqoop action where it is more pronounced currently and have a fuller approach that covers all actions > Oozie should mask passwords in the logs when logging command arguments > ---------------------------------------------------------------------- > > Key: OOZIE-2244 > URL: https://issues.apache.org/jira/browse/OOZIE-2244 > Project: Oozie > Issue Type: Bug > Affects Versions: 4.1.0, 4.0.1 > Environment: All > Reporter: Venkat Ranganathan > Assignee: Venkat Ranganathan > Priority: Critical > Fix For: trunk > > Attachments: OOZIE-2244-no-prefix.patch > > > Users have complained that oozie logging the password related argument values > in the launcher log is a security hole and want it to be masked in the > output. Even password aliases in keystore are considered to be a security > hole. > The fix is to mask any argument values if option name contains the string > password (which is true for Sqoop). We do this in multiple places, in Sqoop > main, in Launcher Mapper, in JavaMain as well. -- This message was sent by Atlassian JIRA (v6.3.4#6332)