[
https://issues.apache.org/jira/browse/HIVE-9013?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15153208#comment-15153208
]
Ravi Prakash commented on HIVE-9013:
------------------------------------
Thanks for this fix folks! We also found that when we use the {{!connect}}
command with a password, the password gets logged to ~/.beeline/history. I've
filed https://issues.apache.org/jira/browse/HIVE-13091 . Could you please
suggest how to fix that leak over on that JIRA?
> Hive set command exposes metastore db password
> ----------------------------------------------
>
> Key: HIVE-9013
> URL: https://issues.apache.org/jira/browse/HIVE-9013
> Project: Hive
> Issue Type: Bug
> Affects Versions: 0.13.1
> Reporter: Binglin Chang
> Assignee: Binglin Chang
> Labels: TODOC1.2, TODOC1.3
> Fix For: 1.3.0, 2.0.0, 1.2.2
>
> Attachments: HIVE-9013.1.patch, HIVE-9013.2.patch, HIVE-9013.3.patch,
> HIVE-9013.4.patch, HIVE-9013.5.patch, HIVE-9013.5.patch,
> HIVE-9013.5.patch-branch1, HIVE-9013.5.patch-branch1.2
>
>
> When auth is enabled, we still need set command to set some variables(e.g.
> mapreduce.job.queuename), but set command alone also list all
> information(including vars in restrict list), this exposes like
> "javax.jdo.option.ConnectionPassword"
> I think conf var in the restrict list should also excluded from dump vars
> command.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
