[jira] [Commented] (HIVE-16089) "trustStorePassword" is logged as part of jdbc connection url

Mon, 06 Mar 2017 12:32:27 -0800 

    [ 
https://issues.apache.org/jira/browse/HIVE-16089?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15898027#comment-15898027
 ] 

Peter Vary commented on HIVE-16089:
-----------------------------------

[~sfroehlich]: You could take a look at here: 
https://archive.cloudera.com/cdh5/cdh/5/hive-1.1.0-cdh5.7.0.CHANGES.txt or 
here: 
https://docs.hortonworks.com/HDPDocuments/HDP2/HDP-2.3.4/bk_HDP_RelNotes/content/fixed_issues.html.
 Pick your favorite :)

> "trustStorePassword" is logged as part of jdbc connection url
> -------------------------------------------------------------
>
>                 Key: HIVE-16089
>                 URL: https://issues.apache.org/jira/browse/HIVE-16089
>             Project: Hive
>          Issue Type: Bug
>          Components: JDBC
>    Affects Versions: 1.1.0
>            Reporter: Sebastian Fröhlich
>              Labels: security
>
> h5. General Story
> The use case is to connect via the Apache Hive JDBC driver to a Hive where 
> SSL encryption is enabled.
> It was required to set the ssl-trust store password property 
> {{trustStorePassword}} in the jdbc connection url.
> If the property is passed via "properties" parameter into 
> {{Driver.connect(url, properties)}} this will not recognized.
> h5. Log message
> {code}
> 2017-03-03 09:57:58,385 [INFO] [InputInitializer {Map for sheets:[import] 
> (fce7cd11-d489-4a13-a3a9-4c81d2907c87)} #0] 
> |jdbc.Utils|: Resolved authority: <hostname>:<port>
> 2017-03-03 09:57:58,539 [INFO] [InputInitializer {Map for sheets:[import] 
> (fce7cd11-d489-4a13-a3a9-4c81d2907c87)} #0] |jdbc.HiveConnection|: Will try 
> to open client transport with JDBC Uri: 
> jdbc:hive2://<hostname>:<port>/;ssl=true;sslTrustStore=/tmp/hs2keystore.jks;trustStorePassword=<password>
> {code}
> E.g. produced by code {{org.apache.hive.jdbc.HiveConnection#openTransport()}}
> h5. Suggested Behavior
> The property {{trustStorePassword}} could be part of the "properties" 
> parameter. This way the password is not part of the JDBC connection url.
> h5. Acceptance Criteria
> The ssl trust store password should not be logged as part of the JDBC 
> connection string.
> Support the trust store password via the properties parameter within connect.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

Reply via email to