[
https://issues.apache.org/jira/browse/IMPALA-12380?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17789904#comment-17789904
]
Wenzhe Zhou commented on IMPALA-12380:
--------------------------------------
Table property "dbcp.password" is jdbc password in clear text. This parameter
is strongly discouraged. The recommended way is to store the password in a Java
keystore file. See the section “securing password” in
https://cwiki.apache.org/confluence/display/Hive/JDBC+Storage+Handler#JDBCStorageHandler-SecuringPassword.
We need to protect the keystore file by only authorize targeted user to read
this file using authorizer (such as Ranger). Impala will check the permission
of the keystore file to make sure user has read permission of it.
Hive code reference:
https://github.com/apache/hive/blob/master/jdbc-handler/src/main/java/org/apache/hive/storage/jdbc/conf/JdbcStorageConfigManager.java#L85-L111
> Securing dbcp.password for JDBC external data source
> ----------------------------------------------------
>
> Key: IMPALA-12380
> URL: https://issues.apache.org/jira/browse/IMPALA-12380
> Project: IMPALA
> Issue Type: Sub-task
> Reporter: Wenzhe Zhou
> Assignee: gaurav singh
> Priority: Major
>
> In the first patch of JDBC external data source
> (https://gerrit.cloudera.org/#/c/17842/)
> "dbcp.password" is provided as clear text in the table property. We should
> allow user to store password in a Java keystore file on HDFS and protect the
> keystore file for the authorized users.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
