Re: Review Request 15192: SQOOP-1223 Enhance the password file capability to enable plugging-in custom loaders

Tue, 05 Nov 2013 10:04:36 -0800 


> On Nov. 5, 2013, 12:30 a.m., Hari Shreedharan wrote:
> >

Thank you for the review sir!


> On Nov. 5, 2013, 12:30 a.m., Hari Shreedharan wrote:
> > src/java/org/apache/sqoop/util/password/CryptoFileLoader.java, line 106
> > <https://reviews.apache.org/r/15192/diff/1/?file=376743#file376743line106>
> >
> >     Looks like the passphrase to the encrypted file is passed through the 
> > job config. That is an not a secure way to pass the password right? Even 
> > though this is a simple example, I think we should make sure that it is as 
> > secure as possible.

Good catch Hari, will improve this one.


- Jarek


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/15192/#review28137
-----------------------------------------------------------


On Nov. 2, 2013, 1:04 a.m., Jarek Cecho wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/15192/
> -----------------------------------------------------------
> 
> (Updated Nov. 2, 2013, 1:04 a.m.)
> 
> 
> Review request for Sqoop.
> 
> 
> Bugs: SQOOP-1223
>     https://issues.apache.org/jira/browse/SQOOP-1223
> 
> 
> Repository: sqoop-trunk
> 
> 
> Description
> -------
> 
> I've changed the logic of loading passwords from password file to enable 
> plugging in custom loader. I've also provided example implementation of 
> advanced loader that is able to retrieve the password from encrypted file.
> 
> 
> Diffs
> -----
> 
>   src/java/org/apache/sqoop/SqoopOptions.java 
> 13637b5ef8ddbaa3ac7bbbf920ff24d98b29127f 
>   src/java/org/apache/sqoop/tool/BaseSqoopTool.java 
> 9230f82d8727de5e1d97b2846bead230f4d09abd 
>   src/java/org/apache/sqoop/util/CredentialsUtil.java 
> 64124693a74ee01fcfcef9f637d60288262ba8f2 
>   src/java/org/apache/sqoop/util/password/CryptoFileLoader.java PRE-CREATION 
>   src/java/org/apache/sqoop/util/password/FilePasswordLoader.java 
> PRE-CREATION 
>   src/java/org/apache/sqoop/util/password/PasswordLoader.java PRE-CREATION 
>   src/test/org/apache/sqoop/credentials/TestPassingSecurePassword.java 
> 41a432a6138f7b92dec0d91180a1cd3de9a8b499 
> 
> Diff: https://reviews.apache.org/r/15192/diff/
> 
> 
> Testing
> -------
> 
> Added unit tests that is testing all out-of-the-box available ECB methods in 
> Java.
> 
> 
> Thanks,
> 
> Jarek Cecho
> 
>

Reply via email to