[jira] [Updated] (FLINK-13957) Redact passwords from dynamic properties on job submission

Matyas Orhidi (Jira) Wed, 04 Sep 2019 05:07:45 -0700


     [ 
https://issues.apache.org/jira/browse/FLINK-13957?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Matyas Orhidi updated FLINK-13957:
----------------------------------
    Description: 
SSL related passwords specified by dynamic properties

{{flink run -m yarn-cluster -sae -p 2 -ynm HeapMonitor \}}
{{...}}
{{-yD security.ssl.internal.key-password=changeit \}}
{{-yD security.ssl.internal.keystore-password=}}{{changeit}}{{ \}}
{{-yD security.ssl.internal.truststore-password=}}{{changeit}}{{ \}}

{{...}}

are showing up in {{FlinkYarnSessionCli}} logs in plain text:

{{19/09/04 04:57:43 INFO cli.FlinkYarnSessionCli: Dynamic Property set: 
security.ssl.internal.truststore-password=changeit}}
 {{19/09/04 04:57:43 INFO cli.FlinkYarnSessionCli: Dynamic Property set: 
security.ssl.internal.keystore-password=changeit}}
 {{19/09/04 04:57:43 INFO cli.FlinkYarnSessionCli: Dynamic Property set: 
security.ssl.internal.key-password=changeit}}

  was:
SSL related passwords specified by dynamic properties are showing up in 
{{FlinkYarnSessionCli}} logs in plain text:

{{19/09/04 04:57:43 INFO cli.FlinkYarnSessionCli: Dynamic Property set: 
security.ssl.internal.truststore-password=changeit}}
{{19/09/04 04:57:43 INFO cli.FlinkYarnSessionCli: Dynamic Property set: 
security.ssl.internal.keystore-password=changeit}}
{{19/09/04 04:57:43 INFO cli.FlinkYarnSessionCli: Dynamic Property set: 
security.ssl.internal.key-password=changeit}}


> Redact passwords from dynamic properties on job submission
> ----------------------------------------------------------
>
>                 Key: FLINK-13957
>                 URL: https://issues.apache.org/jira/browse/FLINK-13957
>             Project: Flink
>          Issue Type: Improvement
>          Components: Client / Job Submission
>    Affects Versions: 1.9.0
>            Reporter: Matyas Orhidi
>            Assignee: Matyas Orhidi
>            Priority: Major
>              Labels: log, security, sensitivity
>             Fix For: 1.9.1
>
>
> SSL related passwords specified by dynamic properties
> {{flink run -m yarn-cluster -sae -p 2 -ynm HeapMonitor \}}
> {{...}}
> {{-yD security.ssl.internal.key-password=changeit \}}
> {{-yD security.ssl.internal.keystore-password=}}{{changeit}}{{ \}}
> {{-yD security.ssl.internal.truststore-password=}}{{changeit}}{{ \}}
> {{...}}
> are showing up in {{FlinkYarnSessionCli}} logs in plain text:
> {{19/09/04 04:57:43 INFO cli.FlinkYarnSessionCli: Dynamic Property set: 
> security.ssl.internal.truststore-password=changeit}}
>  {{19/09/04 04:57:43 INFO cli.FlinkYarnSessionCli: Dynamic Property set: 
> security.ssl.internal.keystore-password=changeit}}
>  {{19/09/04 04:57:43 INFO cli.FlinkYarnSessionCli: Dynamic Property set: 
> security.ssl.internal.key-password=changeit}}



--
This message was sent by Atlassian Jira
(v8.3.2#803003)

[jira] [Updated] (FLINK-13957) Redact passwords from dynamic properties on job submission

Reply via email to