hive-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Vihang Karajgaonkar (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (HIVE-14889) Beeline leaks sensitive environment variables of HiveServer2 when you type set;
Date Thu, 06 Oct 2016 00:15:20 GMT

     [ https://issues.apache.org/jira/browse/HIVE-14889?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Vihang Karajgaonkar updated HIVE-14889:
---------------------------------------
    Summary: Beeline leaks sensitive environment variables of HiveServer2 when you type set;
 (was: Beeline leaks environment variables of HiveServer2 when you type set;)

> Beeline leaks sensitive environment variables of HiveServer2 when you type set;
> -------------------------------------------------------------------------------
>
>                 Key: HIVE-14889
>                 URL: https://issues.apache.org/jira/browse/HIVE-14889
>             Project: Hive
>          Issue Type: Bug
>          Components: Beeline
>            Reporter: Vihang Karajgaonkar
>            Assignee: Vihang Karajgaonkar
>
> When you type set; beeline prints all the environment variables including passwords which
could be major security risk. Eg: HADOOP_CREDENTIAL_PASSWORD below is leaked.
> {noformat}
> | env:HADOOP_CREDSTORE_PASSWORD=password             |
> | env:HADOOP_DATANODE_OPTS=-Dhadoop.security.logger=ERROR,RFAS  |
> | env:HADOOP_HOME_WARN_SUPPRESS=true                 |
> | env:HADOOP_IDENT_STRING=vihang                     |
> | env:HADOOP_PID_DIR=                                |
> {noformat}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message