[
https://issues.apache.org/jira/browse/YARN-2373?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14090659#comment-14090659
]
Varun Vasudev commented on YARN-2373:
-------------------------------------
[~lmccay] thanks for the patch! Some general questions(since this is part of a
larger effort) -
1. For the null case(where the WebAppUtils.getPassword() returns null), should
we add a warning or an audit log that someone was trying to get a password that
was null?
2. Will you update documentation in another ticket(just to let users know that
they can use a CredentialProvider instead of using plain text)?
Other than that, it looks good to me.
> WebAppUtils Should Use configuration.getPassword for Accessing SSL Passwords
> ----------------------------------------------------------------------------
>
> Key: YARN-2373
> URL: https://issues.apache.org/jira/browse/YARN-2373
> Project: Hadoop YARN
> Issue Type: Bug
> Reporter: Larry McCay
> Attachments: YARN-2373.patch, YARN-2373.patch, YARN-2373.patch
>
>
> As part of HADOOP-10904, this jira represents a change to WebAppUtils to
> uptake the use of the credential provider API through the new method on
> Configuration called getPassword.
> This provides an alternative to storing the passwords in clear text within
> the ssl-server.xml file while maintaining backward compatibility with that
> behavior.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
