[jira] [Commented] (RANGER-1643) Handle multiple comma in credentials ...
[ https://issues.apache.org/jira/browse/RANGER-1643?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17647854#comment-17647854 ] Selvamohan Neethiraj commented on RANGER-1643: -- [~andrewsmith87] - What is pending on this fix? > Handle multiple comma in credentials ... > > > Key: RANGER-1643 > URL: https://issues.apache.org/jira/browse/RANGER-1643 > Project: Ranger > Issue Type: Bug > Components: Ranger >Affects Versions: 0.6.3, 0.7.1 >Reporter: Selvamohan Neethiraj >Assignee: Endre Kovacs >Priority: Minor > Attachments: > 0001-RANGER-1644-RANGER-1643-using-stronger-crypto-algo-s.patch > > > Currently, PasswordUtils parses the encryption configuration based on the > presence of a comma character. The actual password itself may have comma > characters. We should fix this to allow the user with the password or we > should remove the code that handles the password without having encryption > configuration as part of the input string. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (RANGER-1643) Handle multiple comma in credentials ...
[ https://issues.apache.org/jira/browse/RANGER-1643?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16274512#comment-16274512 ] Endre Kovacs commented on RANGER-1643: -- As per offline discussions with [~zsombor] : Moving out those (secret) keys from the `ranger-admin-default-site.xml ` and storing them in database (as RangerService instances end up in db) may introduce security concern(s) * these db rows could possibly be queryable over the network. storing them on a well guarded ranger-admin node in .xml file may possibly be more secure. > Handle multiple comma in credentials ... > > > Key: RANGER-1643 > URL: https://issues.apache.org/jira/browse/RANGER-1643 > Project: Ranger > Issue Type: Bug > Components: Ranger >Affects Versions: 0.6.3, 0.7.1 >Reporter: Selvamohan Neethiraj >Assignee: Endre Kovacs >Priority: Minor > Fix For: 1.0.0 > > > Currently, PasswordUtils parses the encryption configuration based on the > presence of a comma character. The actual password itself may have comma > characters. We should fix this to allow the user with the password or we > should remove the code that handles the password without having encryption > configuration as part of the input string. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Commented] (RANGER-1643) Handle multiple comma in credentials ...
[ https://issues.apache.org/jira/browse/RANGER-1643?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16274330#comment-16274330 ] Endre Kovacs commented on RANGER-1643: -- [~bpatel] [~sneethiraj] [~rdonbosco] i've got a observation / question / suggestion: Currently each service service definition is (re)using exactly the same: * encryption algorithm * encryption key * salt * number of iterations that is stored in `security-admin/src/main/resources/conf.dist/ranger-admin-default-site.xml`: {code} ranger.password.encryption.key tzL1AKl5uc4NKYaoQ4P3WLGIBFPXWPWdu1fRm9004jtQiV ranger.password.salt f77aLYLo ranger.password.iteration.count 1000 ranger.password.encryption.algorithm PBEWithMD5AndDES {code} IMHO at least _encryption key_ and _salt_ should be moved out from this shared config area (but preferably iteration and algo as well), and introduced under the config node at each `ranger-servicedef-.json` OR generated and set to the field `org.apache.ranger.plugin.model.RangerService.configs` on the fly when the service is created, as new key and value pairs. Best regards, Endre > Handle multiple comma in credentials ... > > > Key: RANGER-1643 > URL: https://issues.apache.org/jira/browse/RANGER-1643 > Project: Ranger > Issue Type: Bug > Components: Ranger >Affects Versions: 0.6.3, 0.7.1 >Reporter: Selvamohan Neethiraj >Assignee: Endre Kovacs >Priority: Minor > Fix For: 1.0.0 > > > Currently, PasswordUtils parses the encryption configuration based on the > presence of a comma character. The actual password itself may have comma > characters. We should fix this to allow the user with the password or we > should remove the code that handles the password without having encryption > configuration as part of the input string. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Commented] (RANGER-1643) Handle multiple comma in credentials ...
[ https://issues.apache.org/jira/browse/RANGER-1643?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16249714#comment-16249714 ] Endre Kovacs commented on RANGER-1643: -- you are right [~bpatel], i'll do proceed with that! Thanks! Endre > Handle multiple comma in credentials ... > > > Key: RANGER-1643 > URL: https://issues.apache.org/jira/browse/RANGER-1643 > Project: Ranger > Issue Type: Bug > Components: Ranger >Affects Versions: 0.6.3, 0.7.1 >Reporter: Selvamohan Neethiraj >Assignee: Endre Kovacs >Priority: Minor > > Currently, PasswordUtils parses the encryption configuration based on the > presence of a comma character. The actual password itself may have comma > characters. We should fix this to allow the user with the password or we > should remove the code that handles the password without having encryption > configuration as part of the input string. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Commented] (RANGER-1643) Handle multiple comma in credentials ...
[ https://issues.apache.org/jira/browse/RANGER-1643?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16249197#comment-16249197 ] bhavik patel commented on RANGER-1643: -- [~andrewsmith87] : I think it's better to combine this Jira with RANGER-1644 because if anything is breaking or for backward compatibility then it will easier to debug. > Handle multiple comma in credentials ... > > > Key: RANGER-1643 > URL: https://issues.apache.org/jira/browse/RANGER-1643 > Project: Ranger > Issue Type: Bug > Components: Ranger >Affects Versions: 0.6.3, 0.7.1 >Reporter: Selvamohan Neethiraj >Assignee: Endre Kovacs >Priority: Minor > > Currently, PasswordUtils parses the encryption configuration based on the > presence of a comma character. The actual password itself may have comma > characters. We should fix this to allow the user with the password or we > should remove the code that handles the password without having encryption > configuration as part of the input string. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Commented] (RANGER-1643) Handle multiple comma in credentials ...
[ https://issues.apache.org/jira/browse/RANGER-1643?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16247284#comment-16247284 ] Endre Kovacs commented on RANGER-1643: -- i'd like to proceed with this patch after RANGER-1644 is resolved & commited > Handle multiple comma in credentials ... > > > Key: RANGER-1643 > URL: https://issues.apache.org/jira/browse/RANGER-1643 > Project: Ranger > Issue Type: Bug > Components: Ranger >Affects Versions: 0.6.3, 0.7.1 >Reporter: Selvamohan Neethiraj >Assignee: Endre Kovacs >Priority: Minor > > Currently, PasswordUtils parses the encryption configuration based on the > presence of a comma character. The actual password itself may have comma > characters. We should fix this to allow the user with the password or we > should remove the code that handles the password without having encryption > configuration as part of the input string. -- This message was sent by Atlassian JIRA (v6.4.14#64029)