[
https://issues.apache.org/jira/browse/RANGER-3822?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17565903#comment-17565903
]
Madhan Neethiraj commented on RANGER-3822:
------------------------------------------
[~amazingBoy_hbh] - thank you for the patch. It is committed in master branch:
{noformat}
commit 057bba4f570998d1ead6d4c23f7b24a41e7f1e51 (HEAD -> master, origin/master,
origin/HEAD)
Author: Hoo199212 <18637171...@163.com>
Date: Tue Jul 12 14:30:17 2022 +0800
RANGER-3822: redact password in RangerService.toString()
Signed-off-by: Madhan Neethiraj <mad...@apache.org> {noformat}
> RangerService outputs password information in plaintext
> -------------------------------------------------------
>
> Key: RANGER-3822
> URL: https://issues.apache.org/jira/browse/RANGER-3822
> Project: Ranger
> Issue Type: Improvement
> Components: admin
> Affects Versions: 1.2.0, 2.2.0
> Reporter: Binhua Hu
> Assignee: Binhua Hu
> Priority: Major
> Time Spent: 0.5h
> Remaining Estimate: 0h
>
> RangerService outputs information in plaintext, causing the component
> password to be leaked.For example, when the Ranger service with the same name
> is created repeatedly, the password information of relevant components will
> be printed in the log.
> {code:java}
> 2022-07-11 10:08:59,505 [http-bio-6080-exec-4] ERROR
> org.apache.ranger.rest.ServiceRest(SericeREST.java:672) -
> createService(RangerService={id={null} guid={null} isEnabled={true}
> createdBy={null} updateBy={null} createTime={Thu Jan 01 08:00:00 GMT+8:00
> 1970} updateTime={Thu Jan 01 08:00:00 GMT+8:00 1970} version={1}
> name={service-kafka} type={kafka} description={null} tagService={null}
> configs={password={123456} username={admin}} policyVersion={0}
> policyUpdateTime={Thu Jan 01 08:00:00 GMT+8:00 1970} tagVersion={1}
> tagUpdateTime={Thu Jan 01 08:00:00 GMT+8:00 1970}}) failed{code}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
