[
https://issues.apache.org/jira/browse/ACCUMULO-1086?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13588715#comment-13588715
]
Eric Newton commented on ACCUMULO-1086:
---------------------------------------
I've modified the code to hide passwords and require user credentials, which
are checked. No further permissions are required.
> Configuration secrets exposed via thrift RPC with no authentication
> -------------------------------------------------------------------
>
> Key: ACCUMULO-1086
> URL: https://issues.apache.org/jira/browse/ACCUMULO-1086
> Project: Accumulo
> Issue Type: Bug
> Components: master, thrift, tserver
> Reporter: Christopher Tubbs
> Assignee: Eric Newton
> Priority: Blocker
> Fix For: 1.5.0
>
>
> Trace password, keystore passwords, and other sensitive information is
> available without any authentication whatsoever, in the thrift client
> service. What's the reason for not requiring authentication here?
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
