[ZEPPELIN-1778] Potential security issue for passing user credential to interpreter process - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Open
Priority: Critical
Resolution: Unresolved
Affects Version/s: 0.6.2, 0.7.0
Fix Version/s: None
Component/s: None
Labels:
None

Description

Currently zeppelin-server will pass user credential info to interpreter process through thrift. This would cause potential security issue as I think the thrift protocol we use for now is not secured. One solution is to enable SSL for thrift.

Besides, there're 2 other problems:

credential info is saved in conf/credentials.json in plain text.
credential info is passed to all the interpreters no matter whether this interpreter need this.

\cc moon vinayshukla@gmail.com prasadwagle

Attachments

Activity

People

Assignee:: Unassigned

Reporter:: Jeff Zhang

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 09/Dec/16 08:41

Updated:: 09/Dec/16 08:43