hive-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Thejas M Nair (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HIVE-9013) Hive set command exposes metastore db password
Date Sun, 11 Oct 2015 23:13:05 GMT

    [ https://issues.apache.org/jira/browse/HIVE-9013?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14952485#comment-14952485
] 

Thejas M Nair commented on HIVE-9013:
-------------------------------------

Thanks for creating the jira and your patch [~decster]!

I think we should make the solution for this consistent with what was done in HIVE-10508.
 The problem is same. I think the same rules should be used in both places.

Another comment I have is that we should distinguish between settings that user should not
be allowed to change from client and ones that user should be allowed to read.
For debugging purposes, it is helpful to read config values such as hive.security.authenticator.manager,hive.security.authorization.manager,hive.users.in.admin.role
.


> Hive set command exposes metastore db password
> ----------------------------------------------
>
>                 Key: HIVE-9013
>                 URL: https://issues.apache.org/jira/browse/HIVE-9013
>             Project: Hive
>          Issue Type: Bug
>    Affects Versions: 0.13.1
>            Reporter: Binglin Chang
>            Assignee: Binglin Chang
>         Attachments: HIVE-9013.1.patch, HIVE-9013.2.patch, HIVE-9013.3.patch
>
>
> When auth is enabled, we still need set command to set some variables(e.g. mapreduce.job.queuename),
but set command alone also list all information(including vars in restrict list), this exposes
like "javax.jdo.option.ConnectionPassword"
> I think conf var in the restrict list should also excluded from dump vars command.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message