Hadoop Common / HADOOP-11748

The secrets of auth cookies should not be specified in configuration in clear text


Details

    • Type: Bug
    • Status: Closed
    • Priority: Critical
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 2.7.0
    • Component/s: None
    • Labels: None
    • Hadoop Flags: Reviewed

    Description

      Based on the discussion on HADOOP-10670, this jira proposes to remove StringSecretProvider as it opens up possibilities for misconfiguration and security vulnerabilities.

      My understanding is that the use case of inlining the secret is never supported. The property is used to pass the secret internally. The way it works before HADOOP-10868 is the following:

      • Users specify the initializer of the authentication filter in the configuration.
      • AuthenticationFilterInitializer reads the secret file. The server will not start if the secret file does not exist. The initializer will set the property if it read the file correctly.
      • There is no way to specify the secret in the configuration out-of-the-box – the secret is always overwritten by AuthenticationFilterInitializer.
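The fail-closed, file-backed pattern described above, as an added illustration that is not code from this JIRA or from Hadoop itself. The class name, the two property names, the HMAC-SHA256 cookie signature and the `payload&s=hex` cookie layout are all assumptions chosen for the example; Hadoop's real AuthenticationFilterInitializer and SignerSecretProvider classes are not used here. What it demonstrates is the contract the description relies on: the operator may only point at a secret file, start-up aborts if that file is missing or too short, and an inline clear-text secret in the configuration (the misconfiguration this issue removes) is rejected rather than silently honoured.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.HashMap;
import java.util.Map;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

/** Hypothetical secret-file-backed cookie signer (example code, not Hadoop's). */
public class FileBackedCookieSigner {
    // Hypothetical property names modelled on the file-only pattern in the JIRA.
    static final String SECRET_FILE_KEY = "http.authentication.signature.secret.file";
    static final String INLINE_SECRET_KEY = "http.authentication.signature.secret";
    private static final int MIN_SECRET_BYTES = 32;

    private final byte[] secret;

    private FileBackedCookieSigner(byte[] secret) { this.secret = secret; }

    /** Builds the signer from operator config; fails closed on any misconfiguration. */
    static FileBackedCookieSigner fromConfig(Map<String, String> conf) throws IOException {
        // An inline secret is exactly what this issue removes: refuse it outright.
        if (conf.containsKey(INLINE_SECRET_KEY)) {
            throw new IllegalStateException(INLINE_SECRET_KEY
                + " must not be set; point " + SECRET_FILE_KEY + " at a file instead");
        }
        String file = conf.get(SECRET_FILE_KEY);
        if (file == null || file.isEmpty()) {
            throw new IllegalStateException(SECRET_FILE_KEY + " is not set");
        }
        Path p = Paths.get(file);
        if (!Files.isRegularFile(p)) {
            // Mirrors the described behaviour: no secret file, no server start.
            throw new IOException("secret file not found: " + p);
        }
        byte[] raw = Files.readAllBytes(p);
        int len = raw.length;
        // Tolerate a trailing newline left by an editor, but reject a short/empty file.
        while (len > 0 && (raw[len - 1] == '\n' || raw[len - 1] == '\r')) len--;
        if (len < MIN_SECRET_BYTES) {
            throw new IllegalStateException("secret file too short: " + len + " bytes");
        }
        byte[] s = new byte[len];
        System.arraycopy(raw, 0, s, 0, len);
        return new FileBackedCookieSigner(s);
    }

    /** Returns payload + "&s=" + hex(HMAC-SHA256(secret, payload)). */
    String sign(String payload) {
        return payload + "&s=" + hex(hmac(payload));
    }

    /** Returns the payload if the tag verifies, otherwise null. */
    String verify(String cookie) {
        int idx = cookie.lastIndexOf("&s=");
        if (idx < 0) return null;
        String payload = cookie.substring(0, idx);
        byte[] expected = hex(hmac(payload)).getBytes(StandardCharsets.US_ASCII);
        byte[] actual = cookie.substring(idx + 3).getBytes(StandardCharsets.US_ASCII);
        // Constant-time comparison of the tag.
        return MessageDigest.isEqual(expected, actual) ? payload : null;
    }

    private byte[] hmac(String data) {
        try {
            Mac mac = Mac.getInstance("HmacSHA256");
            mac.init(new SecretKeySpec(secret, "HmacSHA256"));
            return mac.doFinal(data.getBytes(StandardCharsets.UTF_8));
        } catch (GeneralSecurityException e) {
            throw new IllegalStateException(e);
        }
    }

    private static String hex(byte[] b) {
        StringBuilder sb = new StringBuilder(b.length * 2);
        for (byte x : b) sb.append(String.format("%02x", x));
        return sb.toString();
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample: a 32-byte random secret written the way an operator would.
        Path tmp = Files.createTempFile("auth-secret", ".txt");
        byte[] rnd = new byte[32];
        new SecureRandom().nextBytes(rnd);
        Files.write(tmp, (hex(rnd) + "\n").getBytes(StandardCharsets.US_ASCII));

        Map<String, String> good = new HashMap<>();
        good.put(SECRET_FILE_KEY, tmp.toString());
        FileBackedCookieSigner signer = fromConfig(good);
        String cookie = signer.sign("u=alice&t=1700000000");
        System.out.println("valid cookie accepted:  " + (signer.verify(cookie) != null));
        System.out.println("tampered cookie rejected: "
            + (signer.verify(cookie.replace("alice", "admin")) == null));

        Map<String, String> bad = new HashMap<>(good);
        bad.put(INLINE_SECRET_KEY, "hunter2");   // clear-text secret in config
        try {
            fromConfig(bad);
        } catch (IllegalStateException e) {
            System.out.println("inline secret rejected: " + e.getMessage());
        }
        Files.delete(tmp);
    }
}
```

The point of rejecting `INLINE_SECRET_KEY` rather than overwriting it is the one the description makes: if the property is accepted at all, an operator can believe an inline value is honoured and ship a clear-text secret in a world-readable XML file, while the server silently uses something else. Failing at start-up surfaces the misconfiguration immediately.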

      Attachments

        1. HADOOP-11748.001.patch (31 kB, Haohui Mai)
        2. HADOOP-11748-032615-poc.patch (17 kB, Li Lu)

      People

        Assignee: Li Lu (gtcarrera9)
        Reporter: Haohui Mai (wheat9)
        Votes: 0
        Watchers: 5