[
https://issues.apache.org/jira/browse/HADOOP-15325?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16418190#comment-16418190
]
Wei-Chiu Chuang commented on HADOOP-15325:
------------------------------------------
+1 to make getPasswordFromCredentialsProvider() public instead.
[~zvenczel] could you post a patch for that? We can raise a new Jira to
deprecate all existing password fields in current configuration since that's
going to be a pretty substantial work I assume.
Once we have HADOOP-15325 in, it'll unblock HADOOP-12862 and thus Hadoop 2.7.6.
> Add an option to make Configuration.getPassword() not to fallback to read
> passwords from configuration.
> -------------------------------------------------------------------------------------------------------
>
> Key: HADOOP-15325
> URL: https://issues.apache.org/jira/browse/HADOOP-15325
> Project: Hadoop Common
> Issue Type: Improvement
> Components: conf
> Affects Versions: 2.6.0
> Reporter: Wei-Chiu Chuang
> Assignee: Zsolt Venczel
> Priority: Major
>
> HADOOP-10607 added a public API Configuration.getPassword() which reads
> passwords from credential provider and then falls back to reading from
> configuration if one is not available.
> This API has been used throughout Hadoop codebase and downstream
> applications. It is understandable for old password configuration keys to
> fallback to configuration to maintain backward compatibility. But for new
> configuration passwords that don't have legacy, there should be an option to
> _not_ fallback, because storing passwords in configuration is considered a
> bad security practice.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
