[
https://issues.apache.org/jira/browse/HIVE-16089?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Sebastian Fröhlich updated HIVE-16089:
--------------------------------------
Description:
h5. General Story
The use case is to connect via the Apache Hive JDBC driver to a Hive where SSL
encryption is enabled.
It was required to set the ssl-trust store password property
{{trustStorePassword}} in the jdbc connection url.
If the property is passed via "properties" parameter into {{Driver.connect(url,
properties)}} this will not recognized.
h5. Log message
{code}
2017-03-03 09:57:58,385 [INFO] [InputInitializer {Map for sheets:[import]
(fce7cd11-d489-4a13-a3a9-4c81d2907c87)} #0]
|jdbc.Utils|: Resolved authority: <hostname>:<port>
2017-03-03 09:57:58,539 [INFO] [InputInitializer {Map for sheets:[import]
(fce7cd11-d489-4a13-a3a9-4c81d2907c87)} #0] |jdbc.HiveConnection|: Will try to
open client transport with JDBC Uri:
jdbc:hive2://<hostname>:<port>/;ssl=true;sslTrustStore=/tmp/hs2keystore.jks;trustStorePassword=<password>
{code}
E.g. produced by code {{org.apache.hive.jdbc.HiveConnection#openTransport()}}
h5. Suggested Behavior
The property {{trustStorePassword}} could be part of the "properties"
parameter. This way the password is not part of the JDBC connection url.
h5. Acceptance Criteria
The ssl trust store password should not be logged as part of the JDBC
connection string.
Support the trust store password via the properties parameter within connect.
was:
h5. General Story
The use case is to connect via the Apache Hive JDBC driver to a Hive where SSL
encryption is enabled.
It was required to set the ssl-trust store password property
{{trustStorePassword}} in the jdbc connection url.
If the property is passed via "properties" parameter into {{Driver.connect(url,
properties)}} this will not recognized.
h5. Suggested Behavior
The property {{trustStorePassword}} could be part of the "properties"
parameter. This way the password is not part of the JDBC connection url.
h5. Acceptance Criteria
The ssl trust store password should not be logged as part of the JDBC
connection string.
Support the trust store password via the properties parameter within connect.
> "trustStorePassword" is logged as part of jdbc connection url
> -------------------------------------------------------------
>
> Key: HIVE-16089
> URL: https://issues.apache.org/jira/browse/HIVE-16089
> Project: Hive
> Issue Type: Bug
> Components: JDBC
> Affects Versions: 1.1.0
> Reporter: Sebastian Fröhlich
> Labels: security
>
> h5. General Story
> The use case is to connect via the Apache Hive JDBC driver to a Hive where
> SSL encryption is enabled.
> It was required to set the ssl-trust store password property
> {{trustStorePassword}} in the jdbc connection url.
> If the property is passed via "properties" parameter into
> {{Driver.connect(url, properties)}} this will not recognized.
> h5. Log message
> {code}
> 2017-03-03 09:57:58,385 [INFO] [InputInitializer {Map for sheets:[import]
> (fce7cd11-d489-4a13-a3a9-4c81d2907c87)} #0]
> |jdbc.Utils|: Resolved authority: <hostname>:<port>
> 2017-03-03 09:57:58,539 [INFO] [InputInitializer {Map for sheets:[import]
> (fce7cd11-d489-4a13-a3a9-4c81d2907c87)} #0] |jdbc.HiveConnection|: Will try
> to open client transport with JDBC Uri:
> jdbc:hive2://<hostname>:<port>/;ssl=true;sslTrustStore=/tmp/hs2keystore.jks;trustStorePassword=<password>
> {code}
> E.g. produced by code {{org.apache.hive.jdbc.HiveConnection#openTransport()}}
> h5. Suggested Behavior
> The property {{trustStorePassword}} could be part of the "properties"
> parameter. This way the password is not part of the JDBC connection url.
> h5. Acceptance Criteria
> The ssl trust store password should not be logged as part of the JDBC
> connection string.
> Support the trust store password via the properties parameter within connect.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
