Re: Review Request 15192: SQOOP-1223 Enhance the password file capability to enable plugging-in custom loaders

Mon, 04 Nov 2013 16:31:16 -0800 

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/15192/#review28137
-----------------------------------------------------------



src/java/org/apache/sqoop/util/password/CryptoFileLoader.java
<https://reviews.apache.org/r/15192/#comment54750>

    Looks like the passphrase to the encrypted file is passed through the job 
config. That is an not a secure way to pass the password right? Even though 
this is a simple example, I think we should make sure that it is as secure as 
possible.


- Hari Shreedharan


On Nov. 2, 2013, 1:04 a.m., Jarek Cecho wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/15192/
> -----------------------------------------------------------
> 
> (Updated Nov. 2, 2013, 1:04 a.m.)
> 
> 
> Review request for Sqoop.
> 
> 
> Bugs: SQOOP-1223
>     https://issues.apache.org/jira/browse/SQOOP-1223
> 
> 
> Repository: sqoop-trunk
> 
> 
> Description
> -------
> 
> I've changed the logic of loading passwords from password file to enable 
> plugging in custom loader. I've also provided example implementation of 
> advanced loader that is able to retrieve the password from encrypted file.
> 
> 
> Diffs
> -----
> 
>   src/java/org/apache/sqoop/SqoopOptions.java 
> 13637b5ef8ddbaa3ac7bbbf920ff24d98b29127f 
>   src/java/org/apache/sqoop/tool/BaseSqoopTool.java 
> 9230f82d8727de5e1d97b2846bead230f4d09abd 
>   src/java/org/apache/sqoop/util/CredentialsUtil.java 
> 64124693a74ee01fcfcef9f637d60288262ba8f2 
>   src/java/org/apache/sqoop/util/password/CryptoFileLoader.java PRE-CREATION 
>   src/java/org/apache/sqoop/util/password/FilePasswordLoader.java 
> PRE-CREATION 
>   src/java/org/apache/sqoop/util/password/PasswordLoader.java PRE-CREATION 
>   src/test/org/apache/sqoop/credentials/TestPassingSecurePassword.java 
> 41a432a6138f7b92dec0d91180a1cd3de9a8b499 
> 
> Diff: https://reviews.apache.org/r/15192/diff/
> 
> 
> Testing
> -------
> 
> Added unit tests that is testing all out-of-the-box available ECB methods in 
> Java.
> 
> 
> Thanks,
> 
> Jarek Cecho
> 
>

Reply via email to