  1. HPCC
  2. HPCC-23025

credentials exposed in ECL workunit logs (THOR)

    Details

    • Type: Improvement
    • Status: Resolved
    • Priority: Not specified
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 7.4.38, 7.6.16, 7.2.56
    • Component/s: Workunit
    • Labels:
      None

      Description

      After 7.x, all fileservices that do a remote call require credentials.

      1. Created an hpccinternal file and protected it so it is accessible only by the user/owner of the file
      2. When the file is read to get the credentials, they are exposed in the WU logs

      File read: hpccinternal::ananth_prod::userinfo

      WU logs show:

      0000002D 2019-09-23 17:00:11.850 287199 287199 "setResultString(glC1,-3,'~hpccinternal::ananth_prod::userinfo')"
      0000002E 2019-09-23 17:00:11.853 287199 287199 "Executing hthor graph graph10"
      0000002F 2019-09-23 17:00:11.862 287199 287199 "Executing subgraph 89"
      00000030 2019-09-23 17:00:11.920 287199 287199 ",FileAccess,HThor,READ,hthor_eclcc,ananth_prod,hpccinternal::ananth_prod::userinfo,W20190923-XXXXXX,graph10"
      00000031 2019-09-23 17:00:11.920 287199 287199 "Reading file /var/lib/HPCCSystems/hpcc-data/eclagent/hpccinternal/ananth_prod/userinfo._1_of_1"
      00000032 2019-09-23 17:00:11.920 287199 287199 "setResultString(aD1,-3,' username=ananth_prod password=xxxxxxxxxx')" // removing password and replacing with xxxxxxx

       

      The username and password values are used in dfuplusexec for now; eventually they will be used in remotepull, Copy and other services.


            People

            • Assignee:
              richardkchapman Richard Chapman
              Reporter:
              anandjun Anantha Venkatachalam
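A log scrubber for the leak shown in the workunit log of this issue, as an added example (not HPCC Systems code and not the fix shipped for this issue): it parses the log line layout shown, finds `setResultString` calls whose value carries a `password=`-style pair, and masks the value. The secret key list, the mask and the sample password are assumptions constructed for the illustration.

```python
import re

# Log line layout seen in the workunit log: <seq> <date> <time> <pid> <tid> "<message>"
LINE_RE = re.compile(
    r'^(?P<seq>[0-9A-F]{8}) \S+ \S+ \d+ \d+ "(?P<msg>.*)"$'
)
# setResultString(<name>,<sequence>,'<value>') as it appears inside the message.
RESULT_RE = re.compile(r"^setResultString\([^,]*,-?\d+,'(?P<value>.*)'\)$")
# Assumed list of key names that mark a secret in key=value text; extend as needed.
SECRET_RE = re.compile(r"(?i)\b(password|passwd|pwd|secret|token)=(\S+)")
MASK = "********"

def scrub_line(line):
    """Return (scrubbed_line, seq, leaked_keys) for one workunit log line."""
    m = LINE_RE.match(line)
    r = RESULT_RE.match(m.group("msg")) if m else None
    if not r:
        return line, None, []  # not a setResultString entry: pass through
    leaked = [key.lower() for key, _ in SECRET_RE.findall(r.group("value"))]
    if not leaked:
        return line, m.group("seq"), []
    clean = SECRET_RE.sub(lambda s: f"{s.group(1)}={MASK}", r.group("value"))
    base = m.start("msg")  # offset of the message inside the full line
    start, end = base + r.start("value"), base + r.end("value")
    return line[:start] + clean + line[end:], m.group("seq"), leaked

def scrub_log(lines):
    """Scrub every line; return (scrubbed_lines, [(seq, leaked_keys), ...])."""
    out, findings = [], []
    for line in lines:
        clean, seq, leaked = scrub_line(line)
        out.append(clean)
        if leaked:
            findings.append((seq, leaked))
    return out, findings

# Constructed sample modelled on the log lines in this issue; the password is made up.
SAMPLE = '''\
0000002D 2019-09-23 17:00:11.850 287199 287199 "setResultString(glC1,-3,'~hpccinternal::ananth_prod::userinfo')"
00000030 2019-09-23 17:00:11.920 287199 287199 ",FileAccess,HThor,READ,hthor_eclcc,ananth_prod,hpccinternal::ananth_prod::userinfo,W20190923-XXXXXX,graph10"
00000032 2019-09-23 17:00:11.920 287199 287199 "setResultString(aD1,-3,' username=ananth_prod password=EXAMPLE-ONLY')"
'''.splitlines()

if __name__ == "__main__":
    scrubbed, found = scrub_log(SAMPLE)
    print("\n".join(scrubbed))
    print("entries with secrets:", found)
```

The findings list gives the sequence numbers of the affected entries, which is what you need to decide which stored workunit logs to purge and which credentials to rotate.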