Jeff Zhang created ZEPPELIN-1778:
------------------------------------
Summary: Potential security issue for passing user credential to
interpreter process
Key: ZEPPELIN-1778
URL: https://issues.apache.org/jira/browse/ZEPPELIN-1778
Project: Zeppelin
Issue Type: Improvement
Affects Versions: 0.6.2, 0.7.0
Reporter: Jeff Zhang
Priority: Critical
Currently zeppelin-server will pass user credential info to interpreter process
through thrift. This would cause potential security issue as I think the thrift
protocol we used for now is not secured. One solution is to enable SSL for
thrift.
Besides, there're 2 other problems:
* credential info will be save in conf/credentials.json in plain text.
* credential info be passed to all the interpreters no matter whether this
interpreter need this.
\cc [~moon] [[email protected]] [~prasadwagle]
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
