Uploaded image for project: 'Spark'
  1. Spark
  2. SPARK-26998

spark.ssl.keyStorePassword in plaintext on 'ps -ef' output of executor processes in Standalone mode

    XMLWordPrintableJSON

Details

    Description

      Run spark standalone mode, then start a spark-submit requiring at least 1 executor. Do a 'ps -ef' on linux (ie putty terminal) and you will be able to see  spark.ssl.keyStorePassword value in plaintext!

       

      spark.ssl.keyStorePassword and  spark.ssl.keyPassword don't need to be passed to  CoarseGrainedExecutorBackend. Only  spark.ssl.trustStorePassword is used.

       

      Can be resolved if below PR is merged:

      [Github] Pull Request #21514 (tooptoop4)

      Attachments

        Issue Links

          Activity

            People

              gsomogyi Gabor Somogyi
              toopt4 t oo
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: