Uploaded image for project: 'Oozie'
  1. Oozie
  2. OOZIE-2244

Oozie should mask passwords in the logs when logging command arguments

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Critical
    • Resolution: Fixed
    • Affects Version/s: 4.1.0, 4.0.1
    • Fix Version/s: 4.3.0
    • Component/s: None
    • Labels:
      None
    • Environment:

      All

      Description

      Users have complained that oozie logging the password related argument values in the launcher log is a security hole and want it to be masked in the output. Even password aliases in keystore are considered to be a security hole.

      The fix is to mask any argument values if option name contains the string password (which is true for Sqoop). We do this in multiple places, in Sqoop main, in Launcher Mapper, in JavaMain as well.

        Attachments

        1. OOZIE-2244-01.patch
          4 kB
          Venkat Ranganathan
        2. OOZIE-2244-no-prefix.patch
          4 kB
          Venkat Ranganathan

          Issue Links

            Activity

              People

              • Assignee:
                venkatnrangan Venkat Ranganathan
                Reporter:
                venkatnrangan Venkat Ranganathan
              • Votes:
                0 Vote for this issue
                Watchers:
                6 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: