[
https://issues.apache.org/jira/browse/HIVE-9013?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14975333#comment-14975333
]
Lefty Leverenz commented on HIVE-9013:
--------------------------------------
Doc note: This adds configuration parameter *hive.conf.hidden.list* to
HiveConf.java, so it needs to be documented in the wiki for releases 1.2.2 and
1.3.0.
* [Configuration Properties -- Restricted List and Whitelist |
https://cwiki.apache.org/confluence/display/Hive/Configuration+Properties#ConfigurationProperties-RestrictedListandWhitelist]
(might want a new section title)
* [Configuration Properties -- hive.security.authorization.sqlstd.confwhitelist
|
https://cwiki.apache.org/confluence/display/Hive/Configuration+Properties#ConfigurationProperties-hive.security.authorization.sqlstd.confwhitelist]
The whitelist description ends with this sentence: "Note that the
hive.conf.restricted.list checks are still enforced after the white list
check." Should *hive.conf.hidden.list* be added?
> Hive set command exposes metastore db password
> ----------------------------------------------
>
> Key: HIVE-9013
> URL: https://issues.apache.org/jira/browse/HIVE-9013
> Project: Hive
> Issue Type: Bug
> Affects Versions: 0.13.1
> Reporter: Binglin Chang
> Assignee: Binglin Chang
> Labels: TODOC1.2, TODOC1.3
> Fix For: 1.3.0, 2.0.0, 1.2.2
>
> Attachments: HIVE-9013.1.patch, HIVE-9013.2.patch, HIVE-9013.3.patch,
> HIVE-9013.4.patch, HIVE-9013.5.patch, HIVE-9013.5.patch,
> HIVE-9013.5.patch-branch1, HIVE-9013.5.patch-branch1.2
>
>
> When auth is enabled, we still need set command to set some variables(e.g.
> mapreduce.job.queuename), but set command alone also list all
> information(including vars in restrict list), this exposes like
> "javax.jdo.option.ConnectionPassword"
> I think conf var in the restrict list should also excluded from dump vars
> command.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
