如何从 ps 列表下方隐藏 keyStorePassword 和 trustStorePassword?
ec2-user 6348 1 6 06:49 ? 00:26:56 /usr/lib/jvm/jre-1.8.0-openjdk.x86_64/bin/java -Xmx8048m -Djava_net_preferIPv4Stack=true -Djavax.net.ssl.trustStore=/usr/lib/jvm/jre-1.8.0-openjdk.x86_64/lib/security/cacerts -Djavax.net.ssl.trustStorePassword=changeit -Djava.net.preferIPv4Stack=true -Dhadoop.log.dir=/usr/lib/hadoop-2.7.5/logs -Dhadoop.log.file=hadoop.log -Dhadoop.home.dir=/usr/lib/hadoop-2.7.5 -Dhadoop.id.str=ec2-user -Dhadoop.root.logger=INFO,console -Djava.library.path=/usr/lib/hadoop-2.7.5/lib/native -Dhadoop.policy.file=hadoop-policy.xml -Djava.net.preferIPv4Stack=true -Xmx512m -Dhadoop.security.logger=INFO,NullAppender org.apache.hadoop.util.RunJar /usr/lib/apache-hive-2.3.2-bin/lib/hive-metastore-2.3.2.jar org.apache.hadoop.hive.metastore.HiveMetaStore
ec2-user 17784 1 10 06:58 ? 00:44:00 /usr/lib/jvm/jre-1.8.0-openjdk.x86_64/bin/java -Xmx8048m -Djava_net_preferIPv4Stack=true -Djavax.net.ssl.trustStore=/usr/lib/jvm/jre-1.8.0-openjdk.x86_64/lib/security/cacerts -Djavax.net.ssl.trustStorePassword=changeit -Djava.net.preferIPv4Stack=true -Dhadoop.log.dir=/usr/lib/hadoop-2.7.5/logs -Dhadoop.log.file=hadoop.log -Dhadoop.home.dir=/usr/lib/hadoop-2.7.5 -Dhadoop.id.str=ec2-user -Dhadoop.root.logger=INFO,console -Djava.library.path=/usr/lib/hadoop-2.7.5/lib/native -Dhadoop.policy.file=hadoop-policy.xml -Djava.net.preferIPv4Stack=true -Xmx512m -Dproc_hiveserver2 -Dlog4j.configurationFile=hive-log4j2.properties -Djava.util.logging.config.file=/usr/lib/apache-hive-2.3.2-bin/conf/parquet-logging.properties -Djline.terminal=jline.UnsupportedTerminal -Dhadoop.security.logger=INFO,NullAppender org.apache.hadoop.util.RunJar /usr/lib/apache-hive-2.3.2-bin/lib/hive-service-2.3.2.jar org.apache.hive.service.server.HiveServer2 --hiveconf hive.server2.thrift.port=10000 --hiveconf hive.root.logger=DEBUG,console
ec2-user 18710 6049 19 06:59 ? 01:21:03 /usr/lib/jvm/jre-1.8.0-openjdk.x86_64/bin/java -cp /home/ec2-user/spark_home/conf/:/home/ec2-user/spark_home/jars/* -Xmx58368M -Dspark.ssl.enabledAlgorithms=ECDHE-RSA-AES256-SHA,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 -Dspark.ssl.keyStorePassword=changeit -Dspark.ssl.ui.port=4040 -Dspark.ssl.trustStorePassword=changeit -Dspark.network.timeout=7200s -Dspark.ssl.enabled=true -Dspark.ssl.trustStore=/home/ec2-user/spark_home/conf/alias-trust-nonprd.jks -Dspark.port.maxRetries=1600 -Dspark.hadoop.fs.s3a.proxy.port=3128 -Dspark.rpc.numRetries=1600 -Dspark.rpc.lookupTimeout=7200s -Dspark.ssl.protocol=TLSv1.2 -Dspark.ssl.trustStoreType=JKS -Dspark.rpc.askTimeout=700 -Dspark.ssl.keyPassword=changeit -Dspark.blockManager.port=38000 -Dspark.driver.port=38002 -Dspark.ssl.keyStore=/home/ec2-user/spark_home/conf/alias-nonprd.jks org.apache.spark.executor.CoarseGrainedExecutorBackend --driver-url spark://CoarseGrainedScheduler@ip-iphere.domain:38002 --executor-id 0 --hostname ip --cores 48 --app-id app-20180524065933-0000 --worker-url spark://Worker@ip:33239
最佳答案
trustStorePassword 不如 keyStorePassword 重要,您可以为两者选择不同的解决方案。正如评论中所建议的那样,keyStorePassword 应该从“ protected ”(只能由其所有者读取)属性文件中读取,这就是我们在 JSSE Reference Guide 中找到的内容.
关于linux 上的 java - 隐藏 ssl.keyStorePassword,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/50511255/