UDx Session parameters *_password and *_secret are not masked in some places
Hi,
Vertica is doing a great job of masking the values of UDx session parameters that end with _password and _secret.
I stumbled on the fact that the values of those parameters are not masked in dc_session_parameters; you can see them in clear text, including passwords etc.
Can you ask the Vertica security team whether this is expected behaviour? I can see it on v 24.3.0-1.
Thank you
Sergey
0
Answers
Hi Sergey
I was able to reproduce that behavior with a parameter name ending with _password but not with _secret (in that case nothing seems to be written in dc_session_parameters).
I did file a JIRA for engineering on the behavior for parameter names ending with _password.
Thanks
Thanks @SergeB
Though it is questionable why it is ever necessary to write all session UD parameters to the collector. It is definitely useful for debug but not for prod.
Please comment on the JIRA and ask for a way to individually control data collectors. Vertica provides a way to toggle all of the data collectors at the system level, but does not provide a way to selectively turn off an individual data collector. It would be very nice if I could turn any collector on and off; some of them are very large. I cannot turn off all of them, because some collectors are vital for Vertica monitoring.
@scherepanov You should be able to set a retention policy on that component (0 for disk, minimal for memory) to achieve that. From a support standpoint, dc tables are often key to resolving support cases, typically on prod systems. Specifically, we have used dc_session_parameters on occasion to resolve some Kafka integration issues (as it leverages UDSession parameters).
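The retention-policy workaround suggested in the last reply, sketched as an added example (not part of the original thread, and not code from any poster). The component name is a placeholder to be replaced with the value returned by the first query, and the 64 KB memory size is a constructed sample value, not a recommendation from the thread.

```sql
-- 1. Find the Data Collector component that backs dc_session_parameters
--    and see its current retention settings.
SELECT DISTINCT component, table_name, memory_buffer_size_kb, disk_size_kb
FROM data_collector
WHERE table_name = 'dc_session_parameters';

-- 2. Inspect the current policy for that component.
--    COMPONENT_FROM_STEP_1 is a placeholder: substitute the component
--    value returned by the query above.
SELECT GET_DATA_COLLECTOR_POLICY('COMPONENT_FROM_STEP_1');

-- 3. Apply the policy described in the reply: 0 KB on disk, a small
--    in-memory buffer. Arguments are (component, memoryKB, diskKB).
--    '64' is a constructed sample value for "minimal" memory.
SELECT SET_DATA_COLLECTOR_POLICY('COMPONENT_FROM_STEP_1', '64', '0');

-- 4. Changing the policy only limits what is retained from now on.
--    Clear what this component has already collected so that values
--    recorded earlier in clear text do not stay queryable.
SELECT CLEAR_DATA_COLLECTOR('COMPONENT_FROM_STEP_1');

-- 5. Verify the new settings and that the retained row counts dropped.
SELECT node_name, memory_buffer_size_kb, disk_size_kb,
       current_memory_records, current_disk_records
FROM data_collector
WHERE table_name = 'dc_session_parameters';
```

With a non-zero memory buffer, recent session parameters are still held in memory, so any password that was exposed this way should also be rotated.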