[ https://issues.apache.org/jira/browse/HBASE-27320?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17584630#comment-17584630 ]
Hudson commented on HBASE-27320: -------------------------------- Results for branch branch-2 [build #626 on builds.a.o|https://ci-hbase.apache.org/job/HBase%20Nightly/job/branch-2/626/]: (x) *{color:red}-1 overall{color}* ---- details (if available): (/) {color:green}+1 general checks{color} -- For more information [see general report|https://ci-hbase.apache.org/job/HBase%20Nightly/job/branch-2/626/General_20Nightly_20Build_20Report/] (/) {color:green}+1 jdk8 hadoop2 checks{color} -- For more information [see jdk8 (hadoop2) report|https://ci-hbase.apache.org/job/HBase%20Nightly/job/branch-2/626/JDK8_20Nightly_20Build_20Report_20_28Hadoop2_29/] (/) {color:green}+1 jdk8 hadoop3 checks{color} -- For more information [see jdk8 (hadoop3) report|https://ci-hbase.apache.org/job/HBase%20Nightly/job/branch-2/626/JDK8_20Nightly_20Build_20Report_20_28Hadoop3_29/] (x) {color:red}-1 jdk11 hadoop3 checks{color} -- For more information [see jdk11 report|https://ci-hbase.apache.org/job/HBase%20Nightly/job/branch-2/626/JDK11_20Nightly_20Build_20Report_20_28Hadoop3_29/] (/) {color:green}+1 source release artifact{color} -- See build output for details. (/) {color:green}+1 client integration test{color} > hide some sensitive configuration information in the UI > ------------------------------------------------------- > > Key: HBASE-27320 > URL: https://issues.apache.org/jira/browse/HBASE-27320 > Project: HBase > Issue Type: Improvement > Components: security, UI > Affects Versions: 3.0.0-alpha-3 > Reporter: ruanhui > Assignee: ruanhui > Priority: Minor > Fix For: 2.6.0, 2.5.1, 3.0.0-alpha-4, 2.4.15 > > > In the discussion about how to store keystore/truststore password securely, > [~bbeaudreault] mentioned and I quote here > "I agree that it seems insecure to put it directly into the hbase-site.xml. > Another reason is due to the RS UI which (helpfully) can print the entire > site configuration. We’d need to make sure the password is excluded from > that, but better to remove it from site xml altogether". > I also felt that some sensitive information was exposed in the UI, for > example, if we set superuser in the hbase-site.xml, the non-admin users can > obtain superuser information and simulate superuser to perform some > non-permitted operations on the cluster. So I think maybe we should hide > these sensitive information in the UI. -- This message was sent by Atlassian Jira (v8.20.10#820010)