[ https://issues.apache.org/jira/browse/HADOOP-10428?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13960123#comment-13960123 ]

Benoy Antony commented on HADOOP-10428:
---------------------------------------

1. Instead of reading the password to a _String_, it is more secure to read it 
directly to a character array. Note that you will eventually convert this to a 
character array.
2. Note that there is normally a one-to-one correspondence between a URI 
(keystore location) and its password. But this class supports only one 
password for all keystore URIs. So there is a mismatch in cardinality between 
URI and password. I believe the URI or a string derived from it should be 
used in obtaining the password.

BTW, the above concerns may not be in the scope of this jira. If so, please 
indicate and I can file another jira to take care of them.


>       JavaKeyStoreProvider should accept keystore password via configuration 
> falling back to ENV VAR
> -----------------------------------------------------------------------------------------------
>
>                 Key: HADOOP-10428
>                 URL: https://issues.apache.org/jira/browse/HADOOP-10428
>             Project: Hadoop Common
>          Issue Type: Improvement
>          Components: security
>    Affects Versions: 3.0.0
>            Reporter: Alejandro Abdelnur
>            Assignee: Alejandro Abdelnur
>         Attachments: HADOOP-10428.patch, HADOOP-10428.patch, 
> HADOOP-10428.patch
>
>
> Currently the password for the {{JavaKeyStoreProvider}} must be set in an ENV 
> VAR.
> Allowing the password to be set via configuration enables applications to 
> interactively ask for the password before initializing the 
> {{JavaKeyStoreProvider}}.



--
This message was sent by Atlassian JIRA
(v6.2#6252)
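
The two points raised in the comment above, shown as an added example that is not part of the JIRA comment or of the Hadoop patch: the password is handled only as a `char[]` that is wiped after use, and each keystore URI gets its own password entry. The class name, the `keystore.password.` property prefix, the URIs and the passwords are constructed for illustration; only JDK classes are used.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.net.URI;
import java.security.KeyStore;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;

public class PerUriKeystorePassword {
    // Hypothetical naming scheme: one password property per keystore URI.
    static String passwordKeyFor(URI keystore) {
        return "keystore.password." + keystore.toString().replaceAll("[^A-Za-z0-9]+", "_");
    }

    // Opens a keystore with the password registered for its URI, then wipes the working copy.
    static KeyStore open(URI uri, byte[] storeBytes, Map<String, char[]> passwords) throws Exception {
        char[] stored = passwords.get(passwordKeyFor(uri));
        if (stored == null) throw new IllegalStateException("no password configured for " + uri);
        char[] pw = stored.clone();
        try {
            KeyStore ks = KeyStore.getInstance("JCEKS");
            ks.load(new ByteArrayInputStream(storeBytes), pw); // KeyStore takes char[], never String
            return ks;
        } finally {
            Arrays.fill(pw, '\0'); // possible only because this is an array; a String is immutable
        }
    }

    // Builds an empty in-memory JCEKS store protected by pw (stands in for a keystore file).
    static byte[] emptyStore(char[] pw) throws Exception {
        KeyStore ks = KeyStore.getInstance("JCEKS");
        ks.load(null, pw);
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        ks.store(out, pw);
        return out.toByteArray();
    }
    public static void main(String[] args) throws Exception {
        URI a = URI.create("jceks://file/tmp/a.jceks"); // constructed sample URIs
        URI b = URI.create("jceks://file/tmp/b.jceks");
        Map<String, char[]> passwords = new HashMap<>();
        passwords.put(passwordKeyFor(a), "constructed-pw-a".toCharArray()); // sample data only
        passwords.put(passwordKeyFor(b), "constructed-pw-b".toCharArray());
        byte[] storeA = emptyStore(passwords.get(passwordKeyFor(a)));
        System.out.println("a opens with a's password: " + (open(a, storeA, passwords).size() == 0));
        try { open(b, storeA, passwords); System.out.println("unexpected: b's password opened a's store"); }
        catch (IOException e) { System.out.println("b's password rejected for a's store"); }
    }
}
```

In an interactive application, `System.console().readPassword()` returns a `char[]` directly, so the password never has to pass through a `String`.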
