apache / druid

Apache Druid: a high performance real-time analytics database.
https://druid.apache.org/
Apache License 2.0

[Lookup] LookupExtractorFactoryMapContainer will cause jdbc password leak issue #8658

Open FaxianZhao opened 5 years ago

FaxianZhao commented 5 years ago

Affected Version

Description

The Coordinator uses LookupExtractorFactoryMapContainer instead of LookupExtractorFactoryContainer to store the lookup spec, so there is no PasswordProvider to protect the JDBC password. Anyone could use GET /druid/coordinator/v1/lookups/config/all to find them.

jon-wei commented 4 years ago

@FaxianZhao Are you using a DefaultPasswordProvider? If so, even if the Coordinator used LookupExtractorFactoryContainer instead of LookupExtractorFactoryMapContainer, the DefaultPasswordProvider would still have a visible password in its serialized form.

You could consider using an EnvironmentPasswordProvider in your JDBC extraction namespace instead, so the password doesn't appear

FaxianZhao commented 4 years ago

> @FaxianZhao Are you using a DefaultPasswordProvider? If so, even if the Coordinator used LookupExtractorFactoryContainer instead of LookupExtractorFactoryMapContainer, the DefaultPasswordProvider would still have a visible password in its serialized form.
>
> You could consider using an EnvironmentPasswordProvider in your JDBC extraction namespace instead, so the password doesn't appear.

Thanks for your help. If we use LookupExtractorFactoryContainer in the Coordinator, we should load all LookupExtractorFactory extensions when it starts. Otherwise, the Coordinator cannot recognize the right implementation.

himanshug commented 4 years ago

I agree with @jon-wei: to protect the password, using EnvironmentVariablePasswordProvider or your own implementation of PasswordProvider would be the right approach.
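The practical check that follows from the advice above is to pull the Coordinator's lookup dump and see which JDBC namespaces still carry a DefaultPasswordProvider, then rewrite those to the environment provider form. The script below is an added example, not code from the Druid project or from any participant in this issue. It assumes the response of GET /druid/coordinator/v1/lookups/config/all is shaped tier -> lookup name -> {"version", "lookupExtractorFactory"} as in the Druid lookup docs, that a JDBC extractionNamespace keeps its credentials under connectorConfig, and that a password given as a bare string or as {"type": "default", ...} is serialized in the clear while {"type": "environment", "variable": ...} only names a variable. The tier, lookup names, hosts and credentials in the sample are constructed.

```python
"""Audit a Druid Coordinator lookup dump for JDBC passwords stored in the clear.

Added example, not Druid project code. Assumes the documented shape of the
/druid/coordinator/v1/lookups/config/all response (tier -> name -> container).
"""
import copy
import json
from typing import Any, Dict, List

# Constructed sample: every name, host and credential here is made up.
SAMPLE_LOOKUPS = json.dumps({
    "__default": {
        "country_codes": {
            "version": "v1",
            "lookupExtractorFactory": {
                "type": "cachedNamespace",
                "extractionNamespace": {
                    "type": "jdbc",
                    "connectorConfig": {
                        "connectURI": "jdbc:mysql://db.example.internal:3306/lookups",
                        "user": "druid",
                        "password": "hunter2",          # bare string: DefaultPasswordProvider
                    },
                    "table": "country_codes", "keyColumn": "code", "valueColumn": "name",
                },
            },
        },
        "legacy_regions": {
            "version": "v1",
            "lookupExtractorFactory": {
                "type": "cachedNamespace",
                "extractionNamespace": {
                    "type": "jdbc",
                    "connectorConfig": {
                        "connectURI": "jdbc:mysql://db.example.internal:3306/lookups",
                        "user": "druid",
                        "password": {"type": "default", "password": "hunter2"},  # also plaintext
                    },
                    "table": "regions", "keyColumn": "id", "valueColumn": "name",
                },
            },
        },
        "product_names": {
            "version": "v1",
            "lookupExtractorFactory": {
                "type": "cachedNamespace",
                "extractionNamespace": {
                    "type": "jdbc",
                    "connectorConfig": {
                        "connectURI": "jdbc:postgresql://db.example.internal:5432/lookups",
                        "user": "druid",
                        "password": {"type": "environment", "variable": "LOOKUP_DB_PASSWORD"},
                    },
                    "table": "products", "keyColumn": "sku", "valueColumn": "name",
                },
            },
        },
        "static_map": {  # not JDBC, must be skipped
            "version": "v1",
            "lookupExtractorFactory": {"type": "map", "map": {"a": "1"}},
        },
    }
})


def classify_password(password: Any) -> str:
    """Return how a connectorConfig password is represented in the dump."""
    if password is None:
        return "none"
    if isinstance(password, str):
        return "plaintext"                      # DefaultPasswordProvider, short form
    if isinstance(password, dict):
        kind = password.get("type")
        if kind == "default":
            return "plaintext"                  # DefaultPasswordProvider, explicit form
        if kind == "environment":
            return "environment"                # only the variable name is serialized
        return f"custom:{kind}"                 # some other PasswordProvider implementation
    return "unknown"


def find_plaintext_jdbc_passwords(lookup_dump: str) -> List[Dict[str, str]]:
    """Report JDBC namespaces whose password the Coordinator would echo back in
    the clear. The secret itself is deliberately never copied into the report."""
    findings: List[Dict[str, str]] = []
    for tier, lookups in json.loads(lookup_dump).items():
        for name, container in lookups.items():
            namespace = container.get("lookupExtractorFactory", {}).get("extractionNamespace")
            if not isinstance(namespace, dict) or namespace.get("type") != "jdbc":
                continue
            connector = namespace.get("connectorConfig", {})
            if classify_password(connector.get("password")) == "plaintext":
                findings.append({"tier": tier, "lookup": name,
                                 "user": connector.get("user", ""),
                                 "connectURI": connector.get("connectURI", "")})
    return findings


def harden_jdbc_password(namespace: Dict[str, Any], variable: str) -> Dict[str, Any]:
    """Return a copy of a JDBC extractionNamespace with its password replaced by
    an environment password provider reference (the input is left untouched)."""
    hardened = copy.deepcopy(namespace)
    hardened.setdefault("connectorConfig", {})["password"] = {"type": "environment", "variable": variable}
    return hardened


if __name__ == "__main__":
    for f in find_plaintext_jdbc_passwords(SAMPLE_LOOKUPS):
        print(f"tier={f['tier']} lookup={f['lookup']} user={f['user']} uri={f['connectURI']}")
```

To use it against a real cluster, replace SAMPLE_LOOKUPS with the body returned by the Coordinator endpoint. After switching a namespace to the environment provider, the variable has to be set in the environment of every process that loads the lookup (the Coordinator alone is not enough), otherwise the JDBC connection will fail with an empty password; and the old password should be rotated, since it has already been readable through the endpoint.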