[
https://issues.apache.org/jira/browse/HIVE-7175?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14027698#comment-14027698
]
Larry McCay commented on HIVE-7175:
-----------------------------------
I just realized that this is the users' LDAP password.
It would be unfortunate to have to leave this laying around in various places
unless absolutely necessary.
Does the beeline CLI currently allow for using the java Console to collect the
password from the user?
I understand that for scripting type purposes we may need another collection
mechanism but for usecases with a user and console available the users'
passwords should not be persisted outside of the directory itself when it can
be avoided.
For cases where it can not be avoided the side file approach is certainly
better than on the command line itself in terms of visibility.
> Provide password file option to beeline
> ---------------------------------------
>
> Key: HIVE-7175
> URL: https://issues.apache.org/jira/browse/HIVE-7175
> Project: Hive
> Issue Type: Improvement
> Components: CLI, Clients
> Affects Versions: 0.13.0
> Reporter: Robert Justice
> Assignee: Dr. Wendell Urth
> Labels: features, security
> Attachments: HIVE-7175.patch
>
>
> For people connecting to Hive Server 2 with LDAP authentication enabled, in
> order to batch run commands, we currently have to provide the password openly
> in the command line. They could use some expect scripting, but I think a
> valid improvement would be to provide a password file option similar to other
> CLI commands in hadoop (e.g. sqoop) to be more secure.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
