Uploaded image for project: 'Spark'
  1. Spark
  2. SPARK-26998

spark.ssl.keyStorePassword in plaintext on 'ps -ef' output of executor processes in Standalone mode

    XMLWordPrintableJSON

    Details

      Description

      Run spark standalone mode, then start a spark-submit requiring at least 1 executor. Do a 'ps -ef' on linux (ie putty terminal) and you will be able to see  spark.ssl.keyStorePassword value in plaintext!

       

      spark.ssl.keyStorePassword and  spark.ssl.keyPassword don't need to be passed to  CoarseGrainedExecutorBackend. Only  spark.ssl.trustStorePassword is used.

       

      Can be resolved if below PR is merged:

      [Github] Pull Request #21514 (tooptoop4)

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                gsomogyi Gabor Somogyi
                Reporter:
                toopt4 t oo
              • Votes:
                0 Vote for this issue
                Watchers:
                5 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: