Re: Review Request 68710: HIVE-20544: TOpenSessionReq logs password and username

2018-09-25 Thread Andrew Sherman via Review Board

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/68710/#review208993
---




service-rpc/pom.xml
Lines 156 (patched)


This change works (I assume) but it is fragile. What if the generated code 
changes? Maybe consider 
1. adding a simple Java unit test that proves that the password is not in 
   toString() output 
2. adding a comment to the generated code so that readers can see that 
   something funny is happening


- Andrew Sherman


On Sept. 24, 2018, 2:01 p.m., Karen Coppage wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/68710/
> ---
> 
> (Updated Sept. 24, 2018, 2:01 p.m.)
> 
> 
> Review request for hive and Laszlo Pinter.
> 
> 
> Bugs: HIVE-20544
> https://issues.apache.org/jira/browse/HIVE-20544
> 
> 
> Repository: hive-git
> 
> 
> Description
> ---
> 
> TOpenSessionReq, if client protocol is unset, both username and password are 
> logged. Logging a password is a security risk. This patch would hide it with 
> asterisks.
> 
> 
> Diffs
> -
> 
>   service-rpc/pom.xml d6a07a55bc 
>   
> service-rpc/src/gen/thrift/gen-javabean/org/apache/hive/service/rpc/thrift/TOpenSessionReq.java
>  3195e704f3 
> 
> 
> Diff: https://reviews.apache.org/r/68710/diff/5/
> 
> 
> Testing
> ---
> 
> 
> File Attachments
> 
> 
> HIVE-20544.3.patch
>   
> https://reviews.apache.org/media/uploaded/files/2018/09/24/9f8ef0d8-22df-40cf-a311-56335d88516a__HIVE-20544.3.patch
> HIVE-20544.3.patch
>   
> https://reviews.apache.org/media/uploaded/files/2018/09/24/afdfc085-cc06-4a47-81f8-499029719bd0__HIVE-20544.3.patch
> 
> 
> Thanks,
> 
> Karen Coppage
> 
>
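
The unit test suggested in the review above, sketched as an added example (it is not code from the patch or from the Hive project). It assumes JUnit 4 and Hive's service-rpc module on the test classpath; the test class name, method names and sample values are hypothetical, and the last two checks rely on the revision 4 note that "password:-" is printed whether or not a password is set.

```java
// Added example, not part of the HIVE-20544 patch. Assumes JUnit 4 and Hive's
// service-rpc module on the test classpath; class and method names are hypothetical.
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertFalse;

import org.apache.hive.service.rpc.thrift.TOpenSessionReq;
import org.junit.Test;

public class TestTOpenSessionReqToString {
  // Constructed sample values; neither password occurs in any field or enum name.
  private static final String USER = "constructed_user";
  private static final String SHORT_PW = "Zq7!";
  private static final String LONG_PW = "Zq7!-constructed-long-secret-0123456789";

  // Builds a request through the generated bean API and returns what a logger would print.
  private static String render(String password) {
    TOpenSessionReq req = new TOpenSessionReq();
    req.setUsername(USER);
    if (password != null) {
      req.setPassword(password);
    }
    return req.toString();
  }

  // Fails if regenerating the Thrift code silently drops the masking step.
  @Test
  public void passwordIsNotInToString() {
    assertFalse(render(SHORT_PW).contains(SHORT_PW));
    assertFalse(render(LONG_PW).contains(LONG_PW));
  }

  // A mask that scales with the input would make these two strings differ.
  @Test
  public void maskDoesNotRevealLength() {
    assertEquals(render(SHORT_PW), render(LONG_PW));
  }

  // Revision 4 prints the same placeholder whether or not a password was supplied.
  @Test
  public void maskDoesNotRevealWhetherPasswordIsSet() {
    assertEquals(render(null), render(SHORT_PW));
  }
}
```

Because the test goes through toString() rather than inspecting the generated source, it keeps guarding the behaviour when the Thrift code is regenerated and the build-time rewrite no longer matches.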



Re: Review Request 68710: HIVE-20544: TOpenSessionReq logs password and username

2018-09-24 Thread Karen Coppage via Review Board

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/68710/
---

(Updated Sept. 24, 2018, 2:01 p.m.)


Review request for hive and Laszlo Pinter.


Changes
---

Fixed typo in last diff


Bugs: HIVE-20544
https://issues.apache.org/jira/browse/HIVE-20544


Repository: hive-git


Description
---

TOpenSessionReq, if client protocol is unset, both username and password are 
logged. Logging a password is a security risk. This patch would hide it with 
asterisks.


Diffs (updated)
-

  service-rpc/pom.xml d6a07a55bc 
  
service-rpc/src/gen/thrift/gen-javabean/org/apache/hive/service/rpc/thrift/TOpenSessionReq.java
 3195e704f3 


Diff: https://reviews.apache.org/r/68710/diff/5/

Changes: https://reviews.apache.org/r/68710/diff/4-5/


Testing
---


File Attachments (updated)


HIVE-20544.3.patch
  
https://reviews.apache.org/media/uploaded/files/2018/09/24/9f8ef0d8-22df-40cf-a311-56335d88516a__HIVE-20544.3.patch
HIVE-20544.3.patch
  
https://reviews.apache.org/media/uploaded/files/2018/09/24/afdfc085-cc06-4a47-81f8-499029719bd0__HIVE-20544.3.patch


Thanks,

Karen Coppage



Re: Review Request 68710: HIVE-20544: TOpenSessionReq logs password and username

2018-09-24 Thread Karen Coppage via Review Board

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/68710/
---

(Updated Sept. 24, 2018, 1:47 p.m.)


Review request for hive and Laszlo Pinter.


Changes
---

Whether the password is set or not, "password:-" is printed to logs.


Bugs: HIVE-20544
https://issues.apache.org/jira/browse/HIVE-20544


Repository: hive-git


Description
---

TOpenSessionReq, if client protocol is unset, both username and password are 
logged. Logging a password is a security risk. This patch would hide it with 
asterisks.


Diffs (updated)
-

  
service-rpc/src/gen/thrift/gen-javabean/org/apache/hive/service/rpc/thrift/TOpenSessionReq.java
 3195e704f3 


Diff: https://reviews.apache.org/r/68710/diff/4/

Changes: https://reviews.apache.org/r/68710/diff/3-4/


Testing
---


Thanks,

Karen Coppage



Re: Review Request 68710: HIVE-20544: TOpenSessionReq logs password and username

2018-09-24 Thread Karen Coppage via Review Board


> On Sept. 21, 2018, 3:41 p.m., Andrew Sherman wrote:
> > service-rpc/src/gen/thrift/gen-javabean/org/apache/hive/service/rpc/thrift/TOpenSessionReq.java
> > Line 546 (original), 546 (patched)
> > 
> >
> > why give a clue about password length? Maybe just always print  or 
> > something?

Thanks for taking a look, Andrew! Fair point. I would worry that just printing 
some asterisks could confuse someone ("Is my password really that short?"), so 
I'll replace the password mask with a simple "-" in the next patch.


- Karen


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/68710/#review208862
---


On Sept. 21, 2018, 3:31 p.m., Karen Coppage wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/68710/
> ---
> 
> (Updated Sept. 21, 2018, 3:31 p.m.)
> 
> 
> Review request for hive and Laszlo Pinter.
> 
> 
> Bugs: HIVE-20544
> https://issues.apache.org/jira/browse/HIVE-20544
> 
> 
> Repository: hive-git
> 
> 
> Description
> ---
> 
> TOpenSessionReq, if client protocol is unset, both username and password are 
> logged. Logging a password is a security risk. This patch would hide it with 
> asterisks.
> 
> 
> Diffs
> -
> 
>   service-rpc/pom.xml d6a07a55bc 
>   
> service-rpc/src/gen/thrift/gen-javabean/org/apache/hive/service/rpc/thrift/TOpenSessionReq.java
>  3195e704f3 
> 
> 
> Diff: https://reviews.apache.org/r/68710/diff/3/
> 
> 
> Testing
> ---
> 
> 
> Thanks,
> 
> Karen Coppage
> 
>



Re: Review Request 68710: HIVE-20544: TOpenSessionReq logs password and username

2018-09-21 Thread Andrew Sherman via Review Board

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/68710/#review208862
---




service-rpc/src/gen/thrift/gen-javabean/org/apache/hive/service/rpc/thrift/TOpenSessionReq.java
Line 546 (original), 546 (patched)


why give a clue about password length? Maybe just always print  or 
something?


- Andrew Sherman


On Sept. 21, 2018, 3:31 p.m., Karen Coppage wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/68710/
> ---
> 
> (Updated Sept. 21, 2018, 3:31 p.m.)
> 
> 
> Review request for hive and Laszlo Pinter.
> 
> 
> Bugs: HIVE-20544
> https://issues.apache.org/jira/browse/HIVE-20544
> 
> 
> Repository: hive-git
> 
> 
> Description
> ---
> 
> TOpenSessionReq, if client protocol is unset, both username and password are 
> logged. Logging a password is a security risk. This patch would hide it with 
> asterisks.
> 
> 
> Diffs
> -
> 
>   service-rpc/pom.xml d6a07a55bc 
>   
> service-rpc/src/gen/thrift/gen-javabean/org/apache/hive/service/rpc/thrift/TOpenSessionReq.java
>  3195e704f3 
> 
> 
> Diff: https://reviews.apache.org/r/68710/diff/3/
> 
> 
> Testing
> ---
> 
> 
> Thanks,
> 
> Karen Coppage
> 
>



Re: Review Request 68710: HIVE-20544: TOpenSessionReq logs password and username

2018-09-21 Thread Karen Coppage via Review Board

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/68710/
---

(Updated Sept. 21, 2018, 3:31 p.m.)


Review request for hive and Laszlo Pinter.


Changes
---

Password is masked by Maven in process-sources phase of build.


Bugs: HIVE-20544
https://issues.apache.org/jira/browse/HIVE-20544


Repository: hive-git


Description
---

TOpenSessionReq, if client protocol is unset, both username and password are 
logged. Logging a password is a security risk. This patch would hide it with 
asterisks.


Diffs (updated)
-

  service-rpc/pom.xml d6a07a55bc 
  
service-rpc/src/gen/thrift/gen-javabean/org/apache/hive/service/rpc/thrift/TOpenSessionReq.java
 3195e704f3 


Diff: https://reviews.apache.org/r/68710/diff/3/

Changes: https://reviews.apache.org/r/68710/diff/2-3/


Testing
---


Thanks,

Karen Coppage



Re: Review Request 68710: HIVE-20544: TOpenSessionReq logs password and username

2018-09-14 Thread Laszlo Pinter via Review Board

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/68710/#review208621
---


Ship it!




LGTM +1 (non-binding)

- Laszlo Pinter


On Sept. 13, 2018, 10:11 a.m., Karen Coppage wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/68710/
> ---
> 
> (Updated Sept. 13, 2018, 10:11 a.m.)
> 
> 
> Review request for hive and Laszlo Pinter.
> 
> 
> Bugs: HIVE-20544
> https://issues.apache.org/jira/browse/HIVE-20544
> 
> 
> Repository: hive-git
> 
> 
> Description
> ---
> 
> TOpenSessionReq, if client protocol is unset, both username and password are 
> logged. Logging a password is a security risk. This patch would hide it with 
> asterisks.
> 
> 
> Diffs
> -
> 
>   
> service-rpc/src/gen/thrift/gen-javabean/org/apache/hive/service/rpc/thrift/TOpenSessionReq.java
>  3195e704f3 
> 
> 
> Diff: https://reviews.apache.org/r/68710/diff/2/
> 
> 
> Testing
> ---
> 
> 
> Thanks,
> 
> Karen Coppage
> 
>



Re: Review Request 68710: HIVE-20544: TOpenSessionReq logs password and username

2018-09-13 Thread Karen Coppage

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/68710/
---

(Updated Sept. 13, 2018, 10:11 a.m.)


Review request for hive and Laszlo Pinter.


Bugs: HIVE-20544
https://issues.apache.org/jira/browse/HIVE-20544


Repository: hive-git


Description
---

TOpenSessionReq, if client protocol is unset, both username and password are 
logged. Logging a password is a security risk. This patch would hide it with 
asterisks.


Diffs (updated)
-

  
service-rpc/src/gen/thrift/gen-javabean/org/apache/hive/service/rpc/thrift/TOpenSessionReq.java
 3195e704f3 


Diff: https://reviews.apache.org/r/68710/diff/2/

Changes: https://reviews.apache.org/r/68710/diff/1-2/


Testing
---


Thanks,

Karen Coppage



Re: Review Request 68710: HIVE-20544: TOpenSessionReq logs password and username

2018-09-13 Thread Karen Coppage

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/68710/
---

(Updated Sept. 13, 2018, 9:41 a.m.)


Review request for hive and Laszlo Pinter.


Bugs: HIVE-20544
https://issues.apache.org/jira/browse/HIVE-20544


Repository: hive-git


Description
---

TOpenSessionReq, if client protocol is unset, both username and password are 
logged. Logging a password is a security risk. This patch would hide it with 
asterisks.


Diffs
-

  
service-rpc/src/gen/thrift/gen-javabean/org/apache/hive/service/rpc/thrift/TOpenSessionReq.java
 3195e704f3 


Diff: https://reviews.apache.org/r/68710/diff/1/


Testing
---


Thanks,

Karen Coppage