hive-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Barna Zsombor Klara (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HIVE-16089) "trustStorePassword" is logged as part of jdbc connection url
Date Mon, 06 Mar 2017 15:01:32 GMT

    [ https://issues.apache.org/jira/browse/HIVE-16089?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15897450#comment-15897450
] 

Barna Zsombor Klara commented on HIVE-16089:
--------------------------------------------

Thank you for reporting the bug [~sfroehlich].
One part of this issue, the logging out of the jdbc connection string, has already been fixed
in HIVE-12235. Could you maybe upgrade to a version of hive already containing the fix? (so
Hive 1.2.1+)

> "trustStorePassword" is logged as part of jdbc connection url
> -------------------------------------------------------------
>
>                 Key: HIVE-16089
>                 URL: https://issues.apache.org/jira/browse/HIVE-16089
>             Project: Hive
>          Issue Type: Bug
>          Components: JDBC
>    Affects Versions: 1.1.0
>            Reporter: Sebastian Fröhlich
>              Labels: security
>
> h5. General Story
> The use case is to connect via the Apache Hive JDBC driver to a Hive where SSL encryption
is enabled.
> It was required to set the ssl-trust store password property {{trustStorePassword}} in
the jdbc connection url.
> If the property is passed via "properties" parameter into {{Driver.connect(url, properties)}}
this will not recognized.
> h5. Log message
> {code}
> 2017-03-03 09:57:58,385 [INFO] [InputInitializer {Map for sheets:[import] (fce7cd11-d489-4a13-a3a9-4c81d2907c87)}
#0] 
> |jdbc.Utils|: Resolved authority: <hostname>:<port>
> 2017-03-03 09:57:58,539 [INFO] [InputInitializer {Map for sheets:[import] (fce7cd11-d489-4a13-a3a9-4c81d2907c87)}
#0] |jdbc.HiveConnection|: Will try to open client transport with JDBC Uri: jdbc:hive2://<hostname>:<port>/;ssl=true;sslTrustStore=/tmp/hs2keystore.jks;trustStorePassword=<password>
> {code}
> E.g. produced by code {{org.apache.hive.jdbc.HiveConnection#openTransport()}}
> h5. Suggested Behavior
> The property {{trustStorePassword}} could be part of the "properties" parameter. This
way the password is not part of the JDBC connection url.
> h5. Acceptance Criteria
> The ssl trust store password should not be logged as part of the JDBC connection string.
> Support the trust store password via the properties parameter within connect.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

Mime
View raw message