hive-issues mailing list archives

From "Sushanth Sowmyan (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HIVE-9013) Hive set command exposes metastore db password
Date Fri, 23 Oct 2015 00:38:27 GMT

    [ https://issues.apache.org/jira/browse/HIVE-9013?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14970194#comment-14970194 ]

Sushanth Sowmyan commented on HIVE-9013:
----------------------------------------

Hi Binglin, thanks for your update. I think we could use two more minor changes:

a) It'd be good to have a .q test added to this that simply sets one hidden variable and non-hidden
variable, and then runs a set (to show all) and a set on each of these individual variables
(to show individual behaviour) - that way, we'll have a .q.out test that we can check against
in the future for regressions.
b) There's another jira, HIVE-10518, which introduced behaviour to strip out password details
from a jobconf before passing it on. Could you please also make a change, so that these two
are integrated together better? i.e. The goal behaviour for Utilities.stripHivePasswordDetails
after your patch should not be Utilities.stripHivePasswordDetails but Utilities.stripRestrictedConfigurations,
thereby stripping all other config params that match your new enum as well.

Thanks!

> Hive set command exposes metastore db password
> ----------------------------------------------
>
>                 Key: HIVE-9013
>                 URL: https://issues.apache.org/jira/browse/HIVE-9013
>             Project: Hive
>          Issue Type: Bug
>    Affects Versions: 0.13.1
>            Reporter: Binglin Chang
>            Assignee: Binglin Chang
>         Attachments: HIVE-9013.1.patch, HIVE-9013.2.patch, HIVE-9013.3.patch, HIVE-9013.4.patch
>
>
> When auth is enabled, we still need the set command to set some variables (e.g. mapreduce.job.queuename), but the set command alone also lists all information (including vars in the restrict list); this exposes values like "javax.jdo.option.ConnectionPassword".
> I think conf vars in the restrict list should also be excluded from the dump vars command.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
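
The behaviour discussed in this message, as an added Java example that is not Hive code and not taken from any HIVE-9013 patch: one hidden-key set drives the full `set` dump, the single-variable lookup, and the configuration copy handed to a job. The class name, method names, hidden set and sample values are assumptions constructed for illustration.

```java
import java.util.*;

// Added illustration, not Hive's implementation. All names here are hypothetical.
public class HiddenConfDemo {
    // Assumed hidden set; the key is the one named in the issue description.
    static final Set<String> HIDDEN = Set.of("javax.jdo.option.ConnectionPassword");

    // "set" with no argument: list every variable except the hidden ones.
    static List<String> dumpAll(Map<String, String> conf) {
        List<String> out = new ArrayList<>();
        for (Map.Entry<String, String> e : new TreeMap<>(conf).entrySet()) {
            if (!HIDDEN.contains(e.getKey())) {
                out.add(e.getKey() + "=" + e.getValue());
            }
        }
        return out;
    }

    // "set <name>": a hidden variable must not be readable one at a time either.
    static String showOne(Map<String, String> conf, String name) {
        if (HIDDEN.contains(name)) {
            return name + " is a hidden config";
        }
        String value = conf.get(name);
        return value == null ? name + " is undefined" : name + "=" + value;
    }

    // Copy of the configuration with hidden keys removed, for handing to a job.
    static Map<String, String> stripHidden(Map<String, String> conf) {
        Map<String, String> copy = new HashMap<>(conf);
        copy.keySet().removeAll(HIDDEN);
        return copy;
    }

    public static void main(String[] args) {
        Map<String, String> conf = new HashMap<>();
        conf.put("javax.jdo.option.ConnectionPassword", "constructed-secret"); // constructed value
        conf.put("mapreduce.job.queuename", "etl");                            // constructed value

        dumpAll(conf).forEach(System.out::println);
        System.out.println(showOne(conf, "mapreduce.job.queuename"));
        System.out.println(showOne(conf, "javax.jdo.option.ConnectionPassword"));

        // The same set governs what leaves the session with the job configuration.
        if (stripHidden(conf).containsKey("javax.jdo.option.ConnectionPassword")) {
            throw new AssertionError("hidden key leaked into job configuration");
        }
    }
}
```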
