[jira] [Commented] (DRILL-6250) Sqlline start command with password appears in the sqlline.log

[ASF GitHub Bot (JIRA)]

    [ 
https://issues.apache.org/jira/browse/DRILL-6250?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16403484#comment-16403484
 ] 

ASF GitHub Bot commented on DRILL-6250:
---------------------------------------

GitHub user vladimirtkach opened a pull request:

    https://github.com/apache/drill/pull/1174

    DRILL-6250: Sqlline start command with password appears in the sqllin…

    …e.log

You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/vladimirtkach/drill DRILL-6250

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/drill/pull/1174.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #1174
    
----
commit 36df1c291bc457b11dd0f7efaafa0065d9497d66
Author: Vladimir Tkach <vovatkach75@...>
Date:   2018-03-17T15:27:10Z

    DRILL-6250: Sqlline start command with password appears in the sqlline.log

----


> Sqlline start command with password appears in the sqlline.log
> --------------------------------------------------------------
>
>                 Key: DRILL-6250
>                 URL: https://issues.apache.org/jira/browse/DRILL-6250
>             Project: Apache Drill
>          Issue Type: Bug
>    Affects Versions: 1.13.0
>            Reporter: Anton Gozhiy
>            Assignee: Volodymyr Tkach
>            Priority: Major
>
> *Prerequisites:*
>  *1.* Log level is set to "all" in the conf/logback.xml:
> {code:xml}
> <logger name="org.apache.drill" additivity="false">
>     <level value="all" />
>     <appender-ref ref="FILE" />
> </logger>
> {code}
> *2.* PLAIN authentication mechanism is configured:
> {code:java}
>   security.user.auth: {
>       enabled: true,
>       packages += "org.apache.drill.exec.rpc.user.security",
>       impl: "pam",
>       pam_profiles: [ "sudo", "login" ]
>   }
> {code}
> *Steps:*
>  *1.* Start the drillbits
>  *2.* Connect by sqlline:
> {noformat}
> /opt/mapr/drill/drill-1.13.0/bin/sqlline -u "jdbc:drill:zk=node1:5181;" -n 
> user1 -p 1234
> {noformat}
> *3.* Use check the sqlline logs:
> {noformat}
> tail -F log/sqlline.log|grep 1234 -a5 -b5
> {noformat}
> *Expected result:* Logs shouldn't contain clear-text passwords
> *Actual result:* The logs contain the sqlline start command with password:
> {noformat}
> # system properties
> 35333-        "java" : {
> 35352-            # system properties
> 35384:            "command" : "sqlline.SqlLine -d 
> org.apache.drill.jdbc.Driver --maxWidth=10000 --color=true -u 
> jdbc:drill:zk=node1:5181; -n user1 -p 1234",
> 35535-            # system properties
> 35567-            "launcher" : "SUN_STANDARD"
> 35607-        }
> {noformat}



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)