[ https://issues.apache.org/jira/browse/HIVE-16089?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15897680#comment-15897680 ]
Sebastian Fröhlich commented on HIVE-16089:
-------------------------------------------

[~zsombor.klara],
Thank you for the information. This is helpful.
It would be great if you could bring the fix also down to Hive 1.1.x as a security fix. Not many commercial Hadoop vendors are using Hive 1.2.1 in their commercial Hadoop distributions. So the upgrade to Hive 1.2.1+ is not a real option for us.
But maybe this issue will be fixed separately in the impacted commercial distributed Hive versions.

> "trustStorePassword" is logged as part of jdbc connection url
> -------------------------------------------------------------
>
> Key: HIVE-16089
> URL: https://issues.apache.org/jira/browse/HIVE-16089
> Project: Hive
> Issue Type: Bug
> Components: JDBC
> Affects Versions: 1.1.0
> Reporter: Sebastian Fröhlich
> Labels: security
>
> h5. General Story
> The use case is to connect via the Apache Hive JDBC driver to a Hive where
> SSL encryption is enabled.
> It was required to set the ssl-trust store password property
> {{trustStorePassword}} in the jdbc connection url.
> If the property is passed via "properties" parameter into
> {{Driver.connect(url, properties)}} this will not be recognized.
> h5. Log message
> {code}
> 2017-03-03 09:57:58,385 [INFO] [InputInitializer {Map for sheets:[import]
> (fce7cd11-d489-4a13-a3a9-4c81d2907c87)} #0]
> |jdbc.Utils|: Resolved authority: <hostname>:<port>
> 2017-03-03 09:57:58,539 [INFO] [InputInitializer {Map for sheets:[import]
> (fce7cd11-d489-4a13-a3a9-4c81d2907c87)} #0] |jdbc.HiveConnection|: Will try
> to open client transport with JDBC Uri:
> jdbc:hive2://<hostname>:<port>/;ssl=true;sslTrustStore=/tmp/hs2keystore.jks;trustStorePassword=<password>
> {code}
> E.g. produced by code {{org.apache.hive.jdbc.HiveConnection#openTransport()}}
> h5. Suggested Behavior
> The property {{trustStorePassword}} could be part of the "properties"
> parameter. This way the password is not part of the JDBC connection url.
> h5. Acceptance Criteria
> The ssl trust store password should not be logged as part of the JDBC
> connection string.
> Support the trust store password via the properties parameter within connect.

--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
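
A caller-side mitigation for the log line quoted in the report, as an added example that is not part of the original message or of the Hive code base: mask password-like parameters before a JDBC URL is written to any log. The class name `JdbcUrlRedactor`, the sample hosts and the sample values are assumptions; the pattern treats `;`, `?` and `#` as parameter separators and matches any key containing "password".

```java
import java.util.regex.Pattern;

// Hypothetical helper (added example), not part of the Hive JDBC driver.
public class JdbcUrlRedactor {

    // A key=value pair that directly follows one of the separators ';', '?' or '#',
    // where the key contains "password" in any letter case
    // (trustStorePassword, password, ...). The value runs to the next separator
    // or to the end of the string.
    private static final Pattern SECRET_PARAM = Pattern.compile(
        "(?i)(?<=[;?#])([^;?#=]*password[^;?#=]*)=[^;?#]*");

    /** Returns the text with every password-like parameter value replaced by "***". */
    public static String redact(String text) {
        if (text == null) {
            return null;
        }
        // $1 is the parameter name, kept so the log still shows which option was set.
        return SECRET_PARAM.matcher(text).replaceAll("$1=***");
    }

    public static void main(String[] args) {
        // Constructed sample inputs; the first follows the shape of the URL in the report.
        String[] samples = {
            "jdbc:hive2://hs2.example.com:10000/;ssl=true;"
                + "sslTrustStore=/tmp/hs2keystore.jks;trustStorePassword=changeit",
            // Secret in the middle of the parameter list, different letter case.
            "jdbc:hive2://hs2.example.com:10000/default;TRUSTSTOREPASSWORD=s3cret;ssl=true",
            // Whole log message rather than a bare URL.
            "Will try to open client transport with JDBC Uri: "
                + "jdbc:hive2://hs2.example.com:10000/;user=etl;password=hunter2",
            // No secret present: must come back unchanged.
            "jdbc:hive2://hs2.example.com:10000/default;ssl=true"
        };
        for (String sample : samples) {
            System.out.println(redact(sample));
        }
    }
}
```

Because the INFO line in the report is written by the driver itself, the same function is most useful inside a logging filter or log-shipping step that sees driver output, not only around the application's own log calls. A password that itself contains `;`, `?` or `#` would be masked only up to that character.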