[ https://issues.apache.org/jira/browse/ACCUMULO-1086?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13588715#comment-13588715 ]
Eric Newton commented on ACCUMULO-1086: --------------------------------------- I've modified the code to hide passwords and require user credentials, which are checked. No further permissions are required. > Configuration secrets exposed via thrift RPC with no authentication > ------------------------------------------------------------------- > > Key: ACCUMULO-1086 > URL: https://issues.apache.org/jira/browse/ACCUMULO-1086 > Project: Accumulo > Issue Type: Bug > Components: master, thrift, tserver > Reporter: Christopher Tubbs > Assignee: Eric Newton > Priority: Blocker > Fix For: 1.5.0 > > > Trace password, keystore passwords, and other sensitive information is > available without any authentication whatsoever, in the thrift client > service. What's the reason for not requiring authentication here? -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira