Haohui Mai created HADOOP-11748:
-----------------------------------

Summary: Secrets for auth cookies can be specified in clear text
Key: HADOOP-11748
URL: https://issues.apache.org/jira/browse/HADOOP-11748
Project: Hadoop Common
Issue Type: Bug
Reporter: Haohui Mai
Priority: Critical
Based on the discussion on HADOOP-10670, this jira proposes to remove {{StringSecretProvider}} as it opens up possibilities for misconfiguration and security vulnerabilities.

{quote}
My understanding is that the use case of inlining the secret is never supported. The property is used to pass the secret internally. The way it works before HADOOP-10868 is the following:

* Users specify the initializer of the authentication filter in the configuration.
* AuthenticationFilterInitializer reads the secret file. The server will not start if the secret file does not exist. The initializer will set the property if it read the file correctly.
* There is no way to specify the secret in the configuration out-of-the-box – the secret is always overwritten by AuthenticationFilterInitializer.
{quote}

--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
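The loading order the quoted discussion describes, as an added Python model that is not Hadoop's own code: the secret is always read from a file, any inline value in the configuration is discarded and overwritten, and a missing file aborts startup. The property names `signature.secret.file` / `signature.secret` and the file-permission check are assumptions.

```python
"""Added example, not Hadoop's own code: models the secret-loading order the
issue describes. The secret always comes from a file, an inline value in the
configuration is discarded, and startup fails if the file is missing.
Property names and the permission check are assumptions."""
import os
import stat
import tempfile

SECRET_FILE_KEY = "signature.secret.file"  # assumed property name
SECRET_KEY = "signature.secret"            # assumed property name


class SecretFileError(RuntimeError):
    """Raised when the configured secret file cannot be used."""


def load_signature_secret(conf: dict) -> dict:
    """Return a copy of conf with SECRET_KEY taken from the secret file."""
    path = conf.get(SECRET_FILE_KEY)
    if not path:
        raise SecretFileError(f"{SECRET_FILE_KEY} is not configured")
    try:
        with open(path, "r", encoding="utf-8") as fh:
            secret = fh.read().strip()
    except OSError as exc:
        # Refuse to start rather than fall back to an inline value.
        raise SecretFileError(f"cannot read secret file {path}: {exc}") from exc
    # Assumed hardening, not in the issue: reject a file readable by group/others.
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        raise SecretFileError(f"secret file {path} has mode {oct(mode)}")
    # Any inline SECRET_KEY is dropped and replaced by the file contents.
    loaded = {k: v for k, v in conf.items() if k != SECRET_KEY}
    loaded[SECRET_KEY] = secret
    return loaded


def demo() -> dict:
    """Constructed sample: an inline clear-text secret plus a real secret file."""
    with tempfile.NamedTemporaryFile("w", delete=False) as fh:
        fh.write("file-secret-123\n")
        path = fh.name
    os.chmod(path, 0o600)
    loaded = load_signature_secret({SECRET_FILE_KEY: path, SECRET_KEY: "inline"})
    os.unlink(path)
    try:
        load_signature_secret({SECRET_FILE_KEY: path})  # file gone: must fail
        rejected = False
    except SecretFileError:
        rejected = True
    return {"secret": loaded[SECRET_KEY], "missing_file_rejected": rejected}
```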