
The secrets of auth cookies should not be specified in configuration in clear text

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Critical
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 2.7.0
    • Component/s: None
    • Labels: None
    • Hadoop Flags: Reviewed

      Description

      Based on the discussion on HADOOP-10670, this jira proposes to remove StringSecretProvider as it opens up possibilities for misconfiguration and security vulnerabilities.

      My understanding is that the use case of inlining the secret is never supported. The property is used to pass the secret internally. The way it works before HADOOP-10868 is the following:

      • Users specify the initializer of the authentication filter in the configuration.
      • AuthenticationFilterInitializer reads the secret file. The server will not start if the secret file does not exist. The initializer will set the property if it read the file correctly.
        There is no way to specify the secret in the configuration out-of-the-box – the secret is always overwritten by AuthenticationFilterInitializer.
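The file-based flow described in the issue, as an added illustration in Python; this is not Hadoop's AuthenticationFilterInitializer code. It assumes the Hadoop property names `hadoop.http.authentication.signature.secret.file` and `hadoop.http.authentication.signature.secret` (the issue text only says "the property" and "the secret file"), and the permission check on the secret file is an extra assumption, not something the issue states.

```python
import os
import stat
import tempfile

# Hadoop's key names for the HTTP auth signature secret (assumed here).
SECRET_FILE_KEY = "hadoop.http.authentication.signature.secret.file"
SECRET_KEY = "hadoop.http.authentication.signature.secret"


class SecretFileError(RuntimeError):
    """Raised when the secret file is unusable; the server must not start."""


def load_signature_secret(conf):
    """Return a copy of conf with SECRET_KEY set from the secret file.

    Mirrors the behaviour the issue describes for the initializer: the file
    is mandatory (no file, no server), and whatever value is already inline
    under SECRET_KEY is always overwritten, so the secret cannot be shipped
    in clear text in the configuration.
    """
    path = conf.get(SECRET_FILE_KEY)
    if not path:
        raise SecretFileError(f"{SECRET_FILE_KEY} is not configured")
    try:
        st = os.stat(path)
    except FileNotFoundError:
        # Fail closed: a missing secret file stops startup.
        raise SecretFileError(f"secret file {path} does not exist") from None
    # Extra check (assumption, not in the issue): refuse a file that other
    # local users can read; a group/world-readable secret is as weak as an inline one.
    if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        raise SecretFileError(f"secret file {path} must not be group/world accessible")
    with open(path, "r", encoding="utf-8") as fh:
        secret = fh.read().strip()
    if not secret:
        raise SecretFileError(f"secret file {path} is empty")
    loaded = dict(conf)
    loaded[SECRET_KEY] = secret  # overwrite unconditionally, as the issue describes
    return loaded


def _write_secret_file(content, mode):
    """Helper for the constructed scenarios below: secret file with a given mode."""
    path = os.path.join(tempfile.mkdtemp(), "http-auth-secret")
    with open(path, "w", encoding="utf-8") as fh:
        fh.write(content)
    os.chmod(path, mode)
    return path


def demo_override():
    """Constructed scenario: an inline clear-text secret is present but the file wins."""
    conf = {
        SECRET_FILE_KEY: _write_secret_file("constructed-file-secret\n", 0o600),
        SECRET_KEY: "inline-clear-text-value",  # constructed; must never be used
    }
    return load_signature_secret(conf)


def demo_missing_file_refuses_start():
    """Constructed scenario: no secret file, so the initializer refuses to start."""
    conf = {SECRET_FILE_KEY: os.path.join(tempfile.mkdtemp(), "absent")}
    try:
        load_signature_secret(conf)
    except SecretFileError:
        return True
    return False


def demo_permissive_file_refused():
    """Constructed scenario: a 0644 secret file is rejected by the extra check."""
    conf = {SECRET_FILE_KEY: _write_secret_file("constructed-file-secret\n", 0o644)}
    try:
        load_signature_secret(conf)
    except SecretFileError:
        return True
    return False


if __name__ == "__main__":
    print(demo_override()[SECRET_KEY])        # constructed-file-secret
    print(demo_missing_file_refuses_start())  # True
    print(demo_permissive_file_refused())     # True
```

The point of the unconditional overwrite is that an inline value under the secret property is never honoured, which is exactly why a string-based provider that reads that property as authoritative opens a misconfiguration path.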

    People

    • Assignee: Li Lu (gtCarrera9)
    • Reporter: Haohui Mai (wheat9)
    • Votes: 0
    • Watchers: 5
