[jira] [Commented] (HIVE-14889) Beeline leaks sensitive environment variables of HiveServer2 when you type set;

JIRA Thu, 06 Oct 2016 12:53:11 -0700

    [ 
https://issues.apache.org/jira/browse/HIVE-14889?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15552998#comment-15552998
 ]


Sergio Peña commented on HIVE-14889:
------------------------------------

LGTM +1

> Beeline leaks sensitive environment variables of HiveServer2 when you type 
> set;
> -------------------------------------------------------------------------------
>
>                 Key: HIVE-14889
>                 URL: https://issues.apache.org/jira/browse/HIVE-14889
>             Project: Hive
>          Issue Type: Bug
>          Components: Beeline
>            Reporter: Vihang Karajgaonkar
>            Assignee: Vihang Karajgaonkar
>         Attachments: HIVE-14889.1.patch, HIVE-14889.2.patch
>
>
> When you type set; beeline prints all the environment variables including 
> passwords which could be major security risk. Eg: HADOOP_CREDENTIAL_PASSWORD 
> below is leaked.
> {noformat}
> | env:HADOOP_CREDSTORE_PASSWORD=password             |
> | env:HADOOP_DATANODE_OPTS=-Dhadoop.security.logger=ERROR,RFAS  |
> | env:HADOOP_HOME_WARN_SUPPRESS=true                 |
> | env:HADOOP_IDENT_STRING=vihang                     |
> | env:HADOOP_PID_DIR=                                |
> {noformat}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Commented] (HIVE-14889) Beeline leaks sensitive environment variables of HiveServer2 when you type set;

Reply via email to