hive-issues mailing list archives

From "Sushanth Sowmyan (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HIVE-9013) Hive set command exposes metastore db password
Date Fri, 23 Oct 2015 22:00:28 GMT

    [ https://issues.apache.org/jira/browse/HIVE-9013?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14971950#comment-14971950 ]

Sushanth Sowmyan commented on HIVE-9013:
----------------------------------------

Hi [~decster], thanks for the update and the patch.

I'd ask for one last update if you don't mind (or we can do that as a separate patch):

It's better to have HiveConf.stripHiddenConfigurations(Configuration conf) as you have introduced
to be static, I think. That way, it avoids one notion of confusion later on in the code (as
in your patch) where we have to call it like this:

{code}
    conf.stripHiddenConfigurations(job);
{code}

In that scenario, it becomes unclear if we're stripping it from conf, or from job, and the
truth of the matter is that we're stripping it from job. If we made that call static, we can
call HiveConf.stripHiddenConfigurations(job), which would be much clearer.

I think, with that, I'm +1 on this. Thanks for adding in tests. Normally, for ql changes,
such as with set behaviour, we make changes to .q files, which is easier to develop, but having
a proper junit test as you have done is good too. :)

> Hive set command exposes metastore db password
> ----------------------------------------------
>
>                 Key: HIVE-9013
>                 URL: https://issues.apache.org/jira/browse/HIVE-9013
>             Project: Hive
>          Issue Type: Bug
>    Affects Versions: 0.13.1
>            Reporter: Binglin Chang
>            Assignee: Binglin Chang
>         Attachments: HIVE-9013.1.patch, HIVE-9013.2.patch, HIVE-9013.3.patch, HIVE-9013.4.patch, HIVE-9013.5.patch
>
>
> When auth is enabled, we still need the set command to set some variables (e.g. mapreduce.job.queuename), but the set command alone also lists all information (including vars in the restrict list); this exposes vars like "javax.jdo.option.ConnectionPassword".
> I think conf vars in the restrict list should also be excluded from the dump vars command.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
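
The two points in this thread, as an added illustration that is not taken from the HIVE-9013 patch or from Hive itself: a static strip helper whose only configuration is its argument, and a "set"-style dump that skips hidden keys. The class `HiddenConfDemo`, the `HIDDEN` set, `dumpVisible`, the choice to blank rather than remove a value, and the sample values are assumptions; plain `Map`s stand in for Hadoop `Configuration` objects.

```java
import java.util.*;

// Hypothetical stand-in for the configuration handling discussed above; not Hive's HiveConf.
public class HiddenConfDemo {
    // Assumed hidden list for this demo; the key name is the one quoted in the issue.
    static final Set<String> HIDDEN = Set.of("javax.jdo.option.ConnectionPassword");

    // Static form: the only configuration involved is the argument, so the
    // call site states unambiguously which object loses its secrets.
    static void stripHiddenConfigurations(Map<String, String> target) {
        for (String key : HIDDEN) {
            if (target.containsKey(key)) {
                target.put(key, ""); // demo choice: blank the value, keep the key
            }
        }
    }

    // What a bare "set"-style dump should emit: every entry except hidden ones.
    static List<String> dumpVisible(Map<String, String> conf) {
        List<String> out = new ArrayList<>();
        for (Map.Entry<String, String> e : new TreeMap<>(conf).entrySet()) {
            if (!HIDDEN.contains(e.getKey())) {
                out.add(e.getKey() + "=" + e.getValue());
            }
        }
        return out;
    }

    public static void main(String[] args) {
        // Constructed sample values.
        Map<String, String> conf = new HashMap<>();
        conf.put("javax.jdo.option.ConnectionPassword", "constructed-secret");
        conf.put("mapreduce.job.queuename", "etl");

        // Copy handed to a job: strip the copy, leave the session conf intact.
        Map<String, String> job = new HashMap<>(conf);
        stripHiddenConfigurations(job);

        String pwKey = "javax.jdo.option.ConnectionPassword";
        System.out.println("job copy blanked: " + job.get(pwKey).isEmpty());
        System.out.println("session conf intact: " + !conf.get(pwKey).isEmpty());

        // The dump of the session conf lists the queue name but not the password.
        dumpVisible(conf).forEach(System.out::println);
    }
}
```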
