Re: Review Request 68710: HIVE-20544: TOpenSessionReq logs password and username

Karen Coppage via Review Board Mon, 24 Sep 2018 06:47:39 -0700

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/68710/
-----------------------------------------------------------


(Updated Sept. 24, 2018, 1:47 p.m.)


Review request for hive and Laszlo Pinter.


Changes
-------

Whether the password is set or not, "password:-" is printed to logs.


Bugs: HIVE-20544
    https://issues.apache.org/jira/browse/HIVE-20544


Repository: hive-git


Description
-------

TOpenSessionReq, if client protocol is unset, both username and password are 
logged. Logging a password is a security risk. This patch would hide it with 
asterisks.


Diffs (updated)
-----

  
service-rpc/src/gen/thrift/gen-javabean/org/apache/hive/service/rpc/thrift/TOpenSessionReq.java
 3195e704f3 


Diff: https://reviews.apache.org/r/68710/diff/4/

Changes: https://reviews.apache.org/r/68710/diff/3-4/


Testing
-------


Thanks,

Karen Coppage

Re: Review Request 68710: HIVE-20544: TOpenSessionReq logs password and username

Reply via email to