[jira] [Commented] (RANGER-1643) Handle multiple comma in credentials ...
[ https://issues.apache.org/jira/browse/RANGER-1643?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17647854#comment-17647854 ] Selvamohan Neethiraj commented on RANGER-1643: -- [~andrewsmith87] - What is pending on this fix? > Handle multiple comma in credentials ... > > > Key: RANGER-1643 > URL: https://issues.apache.org/jira/browse/RANGER-1643 > Project: Ranger > Issue Type: Bug > Components: Ranger >Affects Versions: 0.6.3, 0.7.1 >Reporter: Selvamohan Neethiraj >Assignee: Endre Kovacs >Priority: Minor > Attachments: > 0001-RANGER-1644-RANGER-1643-using-stronger-crypto-algo-s.patch > > > Currently, PasswordUtils parses the encryption configuration based on the > presence of a comma character. The actual password itself may have comma > characters. We should fix this to allow the user with the password or we > should remove the code that handles the password without having encryption > configuration as part of the input string. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (RANGER-1643) Handle multiple comma in credentials ...
[ https://issues.apache.org/jira/browse/RANGER-1643?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16274512#comment-16274512 ] Endre Kovacs commented on RANGER-1643: -- As per offline discussions with [~zsombor] : Moving out those (secret) keys from the `ranger-admin-default-site.xml ` and storing them in database (as RangerService instances end up in db) may introduce security concern(s) * these db rows could possibly be queryable over the network. storing them on a well guarded ranger-admin node in .xml file may possibly be more secure. > Handle multiple comma in credentials ... > > > Key: RANGER-1643 > URL: https://issues.apache.org/jira/browse/RANGER-1643 > Project: Ranger > Issue Type: Bug > Components: Ranger >Affects Versions: 0.6.3, 0.7.1 >Reporter: Selvamohan Neethiraj >Assignee: Endre Kovacs >Priority: Minor > Fix For: 1.0.0 > > > Currently, PasswordUtils parses the encryption configuration based on the > presence of a comma character. The actual password itself may have comma > characters. We should fix this to allow the user with the password or we > should remove the code that handles the password without having encryption > configuration as part of the input string. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Commented] (RANGER-1643) Handle multiple comma in credentials ...
[
https://issues.apache.org/jira/browse/RANGER-1643?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16274330#comment-16274330
]
Endre Kovacs commented on RANGER-1643:
--
[~bpatel] [~sneethiraj] [~rdonbosco]
i've got a observation / question / suggestion:
Currently each service service definition is (re)using exactly the same:
* encryption algorithm
* encryption key
* salt
* number of iterations
that is stored in
`security-admin/src/main/resources/conf.dist/ranger-admin-default-site.xml`:
{code}
ranger.password.encryption.key
tzL1AKl5uc4NKYaoQ4P3WLGIBFPXWPWdu1fRm9004jtQiV
ranger.password.salt
f77aLYLo
ranger.password.iteration.count
1000
ranger.password.encryption.algorithm
PBEWithMD5AndDES
{code}
IMHO at least _encryption key_ and _salt_ should be moved out from this shared
config area (but preferably iteration and algo as well), and introduced under
the config node at each `ranger-servicedef-.json` OR generated and
set to the field `org.apache.ranger.plugin.model.RangerService.configs` on the
fly when the service is created,
as new key and value pairs.
Best regards,
Endre
> Handle multiple comma in credentials ...
>
>
> Key: RANGER-1643
> URL: https://issues.apache.org/jira/browse/RANGER-1643
> Project: Ranger
> Issue Type: Bug
> Components: Ranger
>Affects Versions: 0.6.3, 0.7.1
>Reporter: Selvamohan Neethiraj
>Assignee: Endre Kovacs
>Priority: Minor
> Fix For: 1.0.0
>
>
> Currently, PasswordUtils parses the encryption configuration based on the
> presence of a comma character. The actual password itself may have comma
> characters. We should fix this to allow the user with the password or we
> should remove the code that handles the password without having encryption
> configuration as part of the input string.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
[jira] [Commented] (RANGER-1643) Handle multiple comma in credentials ...
[ https://issues.apache.org/jira/browse/RANGER-1643?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16249714#comment-16249714 ] Endre Kovacs commented on RANGER-1643: -- you are right [~bpatel], i'll do proceed with that! Thanks! Endre > Handle multiple comma in credentials ... > > > Key: RANGER-1643 > URL: https://issues.apache.org/jira/browse/RANGER-1643 > Project: Ranger > Issue Type: Bug > Components: Ranger >Affects Versions: 0.6.3, 0.7.1 >Reporter: Selvamohan Neethiraj >Assignee: Endre Kovacs >Priority: Minor > > Currently, PasswordUtils parses the encryption configuration based on the > presence of a comma character. The actual password itself may have comma > characters. We should fix this to allow the user with the password or we > should remove the code that handles the password without having encryption > configuration as part of the input string. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Commented] (RANGER-1643) Handle multiple comma in credentials ...
[ https://issues.apache.org/jira/browse/RANGER-1643?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16249197#comment-16249197 ] bhavik patel commented on RANGER-1643: -- [~andrewsmith87] : I think it's better to combine this Jira with RANGER-1644 because if anything is breaking or for backward compatibility then it will easier to debug. > Handle multiple comma in credentials ... > > > Key: RANGER-1643 > URL: https://issues.apache.org/jira/browse/RANGER-1643 > Project: Ranger > Issue Type: Bug > Components: Ranger >Affects Versions: 0.6.3, 0.7.1 >Reporter: Selvamohan Neethiraj >Assignee: Endre Kovacs >Priority: Minor > > Currently, PasswordUtils parses the encryption configuration based on the > presence of a comma character. The actual password itself may have comma > characters. We should fix this to allow the user with the password or we > should remove the code that handles the password without having encryption > configuration as part of the input string. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Commented] (RANGER-1643) Handle multiple comma in credentials ...
[ https://issues.apache.org/jira/browse/RANGER-1643?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16247284#comment-16247284 ] Endre Kovacs commented on RANGER-1643: -- i'd like to proceed with this patch after RANGER-1644 is resolved & commited > Handle multiple comma in credentials ... > > > Key: RANGER-1643 > URL: https://issues.apache.org/jira/browse/RANGER-1643 > Project: Ranger > Issue Type: Bug > Components: Ranger >Affects Versions: 0.6.3, 0.7.1 >Reporter: Selvamohan Neethiraj >Assignee: Endre Kovacs >Priority: Minor > > Currently, PasswordUtils parses the encryption configuration based on the > presence of a comma character. The actual password itself may have comma > characters. We should fix this to allow the user with the password or we > should remove the code that handles the password without having encryption > configuration as part of the input string. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
