[RANGER-3822] RangerService outputs password information in plaintext - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: 1.2.0, 2.2.0
Fix Version/s: 3.0.0, 2.4.0
Component/s: admin
Labels:
None

Description

RangerService outputs information in plaintext, causing the component password to be leaked.For example, when the Ranger service with the same name is created repeatedly, the password information of relevant components will be printed in the log.

2022-07-11 10:08:59,505 [http-bio-6080-exec-4] ERROR org.apache.ranger.rest.ServiceRest(SericeREST.java:672) - createService(RangerService={id={null} guid={null} isEnabled={true} createdBy={null} updateBy={null} createTime={Thu Jan 01 08:00:00 GMT+8:00 1970} updateTime={Thu Jan 01 08:00:00 GMT+8:00 1970} version={1} name={service-kafka} type={kafka} description={null} tagService={null} configs={password={123456} username={admin}} policyVersion={0} policyUpdateTime={Thu Jan 01 08:00:00 GMT+8:00 1970} tagVersion={1} tagUpdateTime={Thu Jan 01 08:00:00 GMT+8:00 1970}}) failed

Attachments

Activity

People

Assignee:: Binhua Hu

Reporter:: Binhua Hu

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 12/Jul/22 06:14

Updated:: 25/Jul/22 18:06

Resolved:: 12/Jul/22 16:08

Time Tracking

Estimated:

Not Specified

Remaining:

Logged:

0.5h