@yanboliang
Contributor

@yanboliang yanboliang commented Oct 11, 2017

What is this PR for?

A hardcoded seed/key may cause a security issue, so remove the potential risk.

What type of PR is it?

[Improvement]

Todos

No.

What is the Jira issue?

No jira created.

@yanboliang
Contributor Author

@prabhjyotsingh Please help review.

@yanboliang yanboliang closed this Oct 12, 2017
@yanboliang yanboliang reopened this Oct 12, 2017
Contributor

@prabhjyotsingh prabhjyotsingh left a comment

LGTM, there shouldn't be any hard-coded KEY.

@khalidhuseynov
Member

LGTM

@felixcheung
Member

@Leemoonsoo

@krishna-pandey
Contributor

We need to consider the below while removing the key. Are we relying on any such behaviour by specifying the seed value?
"If two instances of Random are created with the same seed, and the same sequence of method calls is made for each, they will generate and return identical sequences of numbers."

Refer: http://docs.oracle.com/javase/8/docs/api/java/util/Random.html

@krishna-pandey
Contributor

LGTM.
It seems we are using SecureRandom, which does not require a seed explicitly to initialise, and hence the hardcoded key can be removed, unless we intentionally wanted a deterministic output.
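
Added example, not code from this pull request or from Zeppelin: a Java illustration of the distinction raised in the two comments above, where a constant seed makes generated key material reproducible and a self-seeded SecureRandom does not. The class and method names, the constructed seed bytes, the use of an AES `KeyGenerator`, and the SUN provider's `SHA1PRNG` algorithm are assumptions chosen for the illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Random;
import javax.crypto.KeyGenerator;

public class SeedDemo {
    // Constructed placeholder standing in for any constant compiled into the code.
    static final byte[] HARDCODED_SEED =
            "constructed-example-seed".getBytes(StandardCharsets.UTF_8);

    // java.util.Random: same seed and same call sequence give identical output.
    static boolean randomIsReproducible(long seed) {
        return new Random(seed).nextLong() == new Random(seed).nextLong();
    }

    // Key derived from a generator seeded only with the constant.
    // With the SUN provider's SHA1PRNG, calling setSeed() before any output
    // means the supplied seed is the generator's only entropy.
    static byte[] keyFromFixedSeed() throws NoSuchAlgorithmException {
        SecureRandom rng = SecureRandom.getInstance("SHA1PRNG");
        rng.setSeed(HARDCODED_SEED);
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128, rng);
        return kg.generateKey().getEncoded();
    }

    // Key derived from a SecureRandom that seeds itself from the platform.
    static byte[] keyFromSelfSeeded() throws NoSuchAlgorithmException {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128, new SecureRandom());
        return kg.generateKey().getEncoded();
    }

    public static void main(String[] args) throws Exception {
        System.out.println("Random with equal seeds repeats: "
                + randomIsReproducible(42L));
        // Anyone who can read the constant can regenerate this key.
        System.out.println("Fixed-seed keys identical: "
                + Arrays.equals(keyFromFixedSeed(), keyFromFixedSeed()));
        System.out.println("Self-seeded keys identical: "
                + Arrays.equals(keyFromSelfSeeded(), keyFromSelfSeeded()));
    }
}
```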

@yanboliang yanboliang closed this Oct 12, 2017
@yanboliang yanboliang reopened this Oct 12, 2017
@prabhjyotsingh
Contributor

prabhjyotsingh commented Oct 13, 2017

Merging this if no more discussion.

Build fails for profile #4 (selenium, https://travis-ci.org/yanboliang/zeppelin/jobs/286776182), which looks flaky and unrelated to me.

@asfgit asfgit closed this in ed8755d Oct 14, 2017
@yanboliang yanboliang deleted the key branch October 16, 2017 23:46
prabhjyotsingh pushed a commit to prabhjyotsingh/zeppelin that referenced this pull request Oct 23, 2017
A hardcoded seed/key may cause a security issue, so remove the potential risk.

[Improvement]

No.

No jira created.

Author: Yanbo Liang <[email protected]>

Closes apache#2621 from yanboliang/key and squashes the following commits:

2515283 [Yanbo Liang] Remove hardcoded key in zeppelinhub.