[jira] [Commented] (HIVE-20796) jdbc URL can contain sensitive information that should not be logged
[
https://issues.apache.org/jira/browse/HIVE-20796?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=1465#comment-1465
]
Hive QA commented on HIVE-20796:
Here are the results of testing the latest attachment:
https://issues.apache.org/jira/secure/attachment/12945743/HIVE-20796.05.patch
{color:green}SUCCESS:{color} +1 due to 1 test(s) being added or modified.
{color:green}SUCCESS:{color} +1 due to 15508 tests passed
Test results:
https://builds.apache.org/job/PreCommit-HIVE-Build/14664/testReport
Console output: https://builds.apache.org/job/PreCommit-HIVE-Build/14664/console
Test logs: http://104.198.109.242/logs/PreCommit-HIVE-Build-14664/
Messages:
{noformat}
Executing org.apache.hive.ptest.execution.TestCheckPhase
Executing org.apache.hive.ptest.execution.PrepPhase
Executing org.apache.hive.ptest.execution.YetusPhase
Executing org.apache.hive.ptest.execution.ExecutionPhase
Executing org.apache.hive.ptest.execution.ReportingPhase
{noformat}
This message is automatically generated.
ATTACHMENT ID: 12945743 - PreCommit-HIVE-Build
> jdbc URL can contain sensitive information that should not be logged
>
>
> Key: HIVE-20796
> URL: https://issues.apache.org/jira/browse/HIVE-20796
> Project: Hive
> Issue Type: Improvement
> Components: Hive
>Affects Versions: 4.0.0
>Reporter: Laszlo Pinter
>Assignee: Laszlo Pinter
>Priority: Major
> Attachments: HIVE-20796.01.patch, HIVE-20796.02.patch,
> HIVE-20796.03.patch, HIVE-20796.04.patch, HIVE-20796.05.patch
>
>
> It is possible to put passwords in the jdbc connection url and some jdbc
> drivers will supposedly use that. (derby, mysql). This information is
> considered sensitive, and should be masked out, while logging the connection
> url.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Commented] (HIVE-20796) jdbc URL can contain sensitive information that should not be logged
[
https://issues.apache.org/jira/browse/HIVE-20796?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=1444#comment-1444
]
Hive QA commented on HIVE-20796:
| (/) *{color:green}+1 overall{color}* |
\\
\\
|| Vote || Subsystem || Runtime || Comment ||
|| || || || {color:brown} Prechecks {color} ||
| {color:green}+1{color} | {color:green} @author {color} | {color:green} 0m
0s{color} | {color:green} The patch does not contain any @author tags. {color} |
|| || || || {color:brown} master Compile Tests {color} ||
| {color:green}+1{color} | {color:green} mvninstall {color} | {color:green} 7m
42s{color} | {color:green} master passed {color} |
| {color:green}+1{color} | {color:green} compile {color} | {color:green} 0m
23s{color} | {color:green} master passed {color} |
| {color:green}+1{color} | {color:green} checkstyle {color} | {color:green} 0m
7s{color} | {color:green} master passed {color} |
| {color:blue}0{color} | {color:blue} findbugs {color} | {color:blue} 0m
59s{color} | {color:blue} standalone-metastore/metastore-server in master has
181 extant Findbugs warnings. {color} |
| {color:green}+1{color} | {color:green} javadoc {color} | {color:green} 0m
18s{color} | {color:green} master passed {color} |
|| || || || {color:brown} Patch Compile Tests {color} ||
| {color:green}+1{color} | {color:green} mvninstall {color} | {color:green} 0m
27s{color} | {color:green} the patch passed {color} |
| {color:green}+1{color} | {color:green} compile {color} | {color:green} 0m
23s{color} | {color:green} the patch passed {color} |
| {color:green}+1{color} | {color:green} javac {color} | {color:green} 0m
23s{color} | {color:green} the patch passed {color} |
| {color:green}+1{color} | {color:green} checkstyle {color} | {color:green} 0m
7s{color} | {color:green} the patch passed {color} |
| {color:green}+1{color} | {color:green} whitespace {color} | {color:green} 0m
0s{color} | {color:green} The patch has no whitespace issues. {color} |
| {color:green}+1{color} | {color:green} findbugs {color} | {color:green} 1m
8s{color} | {color:green} the patch passed {color} |
| {color:green}+1{color} | {color:green} javadoc {color} | {color:green} 0m
18s{color} | {color:green} the patch passed {color} |
|| || || || {color:brown} Other Tests {color} ||
| {color:green}+1{color} | {color:green} asflicense {color} | {color:green} 0m
12s{color} | {color:green} The patch does not generate ASF License warnings.
{color} |
| {color:black}{color} | {color:black} {color} | {color:black} 12m 32s{color} |
{color:black} {color} |
\\
\\
|| Subsystem || Report/Notes ||
| Optional Tests | asflicense javac javadoc findbugs checkstyle compile |
| uname | Linux hiveptest-server-upstream 3.16.0-4-amd64 #1 SMP Debian
3.16.36-1+deb8u1 (2016-09-03) x86_64 GNU/Linux |
| Build tool | maven |
| Personality |
/data/hiveptest/working/yetus_PreCommit-HIVE-Build-14664/dev-support/hive-personality.sh
|
| git revision | master / 1002e89 |
| Default Java | 1.8.0_111 |
| findbugs | v3.0.0 |
| modules | C: standalone-metastore/metastore-server U:
standalone-metastore/metastore-server |
| Console output |
http://104.198.109.242/logs//PreCommit-HIVE-Build-14664/yetus.txt |
| Powered by | Apache Yetushttp://yetus.apache.org |
This message was automatically generated.
> jdbc URL can contain sensitive information that should not be logged
>
>
> Key: HIVE-20796
> URL: https://issues.apache.org/jira/browse/HIVE-20796
> Project: Hive
> Issue Type: Improvement
> Components: Hive
>Affects Versions: 4.0.0
>Reporter: Laszlo Pinter
>Assignee: Laszlo Pinter
>Priority: Major
> Attachments: HIVE-20796.01.patch, HIVE-20796.02.patch,
> HIVE-20796.03.patch, HIVE-20796.04.patch, HIVE-20796.05.patch
>
>
> It is possible to put passwords in the jdbc connection url and some jdbc
> drivers will supposedly use that. (derby, mysql). This information is
> considered sensitive, and should be masked out, while logging the connection
> url.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Commented] (HIVE-20796) jdbc URL can contain sensitive information that should not be logged
[ https://issues.apache.org/jira/browse/HIVE-20796?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16665128#comment-16665128 ] Peter Vary commented on HIVE-20796: --- HIVE-20796.05.patch is even better +1 pending tests :D > jdbc URL can contain sensitive information that should not be logged > > > Key: HIVE-20796 > URL: https://issues.apache.org/jira/browse/HIVE-20796 > Project: Hive > Issue Type: Improvement > Components: Hive >Affects Versions: 4.0.0 >Reporter: Laszlo Pinter >Assignee: Laszlo Pinter >Priority: Major > Attachments: HIVE-20796.01.patch, HIVE-20796.02.patch, > HIVE-20796.03.patch, HIVE-20796.04.patch, HIVE-20796.05.patch > > > It is possible to put passwords in the jdbc connection url and some jdbc > drivers will supposedly use that. (derby, mysql). This information is > considered sensitive, and should be masked out, while logging the connection > url. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (HIVE-20796) jdbc URL can contain sensitive information that should not be logged
[
https://issues.apache.org/jira/browse/HIVE-20796?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16664776#comment-16664776
]
Hive QA commented on HIVE-20796:
Here are the results of testing the latest attachment:
https://issues.apache.org/jira/secure/attachment/12945596/HIVE-20796.04.patch
{color:red}ERROR:{color} -1 due to build exiting with an error
Test results:
https://builds.apache.org/job/PreCommit-HIVE-Build/14644/testReport
Console output: https://builds.apache.org/job/PreCommit-HIVE-Build/14644/console
Test logs: http://104.198.109.242/logs/PreCommit-HIVE-Build-14644/
Messages:
{noformat}
Executing org.apache.hive.ptest.execution.TestCheckPhase
Tests exited with: Exception: Patch URL
https://issues.apache.org/jira/secure/attachment/12945596/HIVE-20796.04.patch
was found in seen patch url's cache and a test was probably run already on it.
Aborting...
{noformat}
This message is automatically generated.
ATTACHMENT ID: 12945596 - PreCommit-HIVE-Build
> jdbc URL can contain sensitive information that should not be logged
>
>
> Key: HIVE-20796
> URL: https://issues.apache.org/jira/browse/HIVE-20796
> Project: Hive
> Issue Type: Improvement
> Components: Hive
>Affects Versions: 4.0.0
>Reporter: Laszlo Pinter
>Assignee: Laszlo Pinter
>Priority: Major
> Attachments: HIVE-20796.01.patch, HIVE-20796.02.patch,
> HIVE-20796.03.patch, HIVE-20796.04.patch
>
>
> It is possible to put passwords in the jdbc connection url and some jdbc
> drivers will supposedly use that. (derby, mysql). This information is
> considered sensitive, and should be masked out, while logging the connection
> url.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Commented] (HIVE-20796) jdbc URL can contain sensitive information that should not be logged
[
https://issues.apache.org/jira/browse/HIVE-20796?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16664600#comment-16664600
]
Hive QA commented on HIVE-20796:
Here are the results of testing the latest attachment:
https://issues.apache.org/jira/secure/attachment/12945596/HIVE-20796.04.patch
{color:red}ERROR:{color} -1 due to build exiting with an error
Test results:
https://builds.apache.org/job/PreCommit-HIVE-Build/14643/testReport
Console output: https://builds.apache.org/job/PreCommit-HIVE-Build/14643/console
Test logs: http://104.198.109.242/logs/PreCommit-HIVE-Build-14643/
Messages:
{noformat}
Executing org.apache.hive.ptest.execution.TestCheckPhase
Tests exited with: Exception: Patch URL
https://issues.apache.org/jira/secure/attachment/12945596/HIVE-20796.04.patch
was found in seen patch url's cache and a test was probably run already on it.
Aborting...
{noformat}
This message is automatically generated.
ATTACHMENT ID: 12945596 - PreCommit-HIVE-Build
> jdbc URL can contain sensitive information that should not be logged
>
>
> Key: HIVE-20796
> URL: https://issues.apache.org/jira/browse/HIVE-20796
> Project: Hive
> Issue Type: Improvement
> Components: Hive
>Affects Versions: 4.0.0
>Reporter: Laszlo Pinter
>Assignee: Laszlo Pinter
>Priority: Major
> Attachments: HIVE-20796.01.patch, HIVE-20796.02.patch,
> HIVE-20796.03.patch, HIVE-20796.04.patch
>
>
> It is possible to put passwords in the jdbc connection url and some jdbc
> drivers will supposedly use that. (derby, mysql). This information is
> considered sensitive, and should be masked out, while logging the connection
> url.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Commented] (HIVE-20796) jdbc URL can contain sensitive information that should not be logged
[
https://issues.apache.org/jira/browse/HIVE-20796?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16664464#comment-16664464
]
Hive QA commented on HIVE-20796:
Here are the results of testing the latest attachment:
https://issues.apache.org/jira/secure/attachment/12945596/HIVE-20796.04.patch
{color:green}SUCCESS:{color} +1 due to 1 test(s) being added or modified.
{color:red}ERROR:{color} -1 due to 2 failed/errored test(s), 15506 tests
executed
*Failed tests:*
{noformat}
TestMiniDruidCliDriver - did not produce a TEST-*.xml file (likely timed out)
(batchId=196)
[druidmini_masking.q,druidmini_test1.q,druidkafkamini_basic.q,druidmini_joins.q,druid_timestamptz.q]
org.apache.hive.spark.client.rpc.TestRpc.testClientTimeout (batchId=325)
{noformat}
Test results:
https://builds.apache.org/job/PreCommit-HIVE-Build/14642/testReport
Console output: https://builds.apache.org/job/PreCommit-HIVE-Build/14642/console
Test logs: http://104.198.109.242/logs/PreCommit-HIVE-Build-14642/
Messages:
{noformat}
Executing org.apache.hive.ptest.execution.TestCheckPhase
Executing org.apache.hive.ptest.execution.PrepPhase
Executing org.apache.hive.ptest.execution.YetusPhase
Executing org.apache.hive.ptest.execution.ExecutionPhase
Executing org.apache.hive.ptest.execution.ReportingPhase
Tests exited with: TestsFailedException: 2 tests failed
{noformat}
This message is automatically generated.
ATTACHMENT ID: 12945596 - PreCommit-HIVE-Build
> jdbc URL can contain sensitive information that should not be logged
>
>
> Key: HIVE-20796
> URL: https://issues.apache.org/jira/browse/HIVE-20796
> Project: Hive
> Issue Type: Improvement
> Components: Hive
>Affects Versions: 4.0.0
>Reporter: Laszlo Pinter
>Assignee: Laszlo Pinter
>Priority: Major
> Attachments: HIVE-20796.01.patch, HIVE-20796.02.patch,
> HIVE-20796.03.patch, HIVE-20796.04.patch
>
>
> It is possible to put passwords in the jdbc connection url and some jdbc
> drivers will supposedly use that. (derby, mysql). This information is
> considered sensitive, and should be masked out, while logging the connection
> url.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Commented] (HIVE-20796) jdbc URL can contain sensitive information that should not be logged
[
https://issues.apache.org/jira/browse/HIVE-20796?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16664426#comment-16664426
]
Hive QA commented on HIVE-20796:
| (x) *{color:red}-1 overall{color}* |
\\
\\
|| Vote || Subsystem || Runtime || Comment ||
|| || || || {color:brown} Prechecks {color} ||
| {color:green}+1{color} | {color:green} @author {color} | {color:green} 0m
0s{color} | {color:green} The patch does not contain any @author tags. {color} |
|| || || || {color:brown} master Compile Tests {color} ||
| {color:green}+1{color} | {color:green} mvninstall {color} | {color:green} 8m
47s{color} | {color:green} master passed {color} |
| {color:green}+1{color} | {color:green} compile {color} | {color:green} 0m
24s{color} | {color:green} master passed {color} |
| {color:green}+1{color} | {color:green} checkstyle {color} | {color:green} 0m
7s{color} | {color:green} master passed {color} |
| {color:blue}0{color} | {color:blue} findbugs {color} | {color:blue} 1m
8s{color} | {color:blue} standalone-metastore/metastore-server in master has
181 extant Findbugs warnings. {color} |
| {color:green}+1{color} | {color:green} javadoc {color} | {color:green} 0m
18s{color} | {color:green} master passed {color} |
|| || || || {color:brown} Patch Compile Tests {color} ||
| {color:green}+1{color} | {color:green} mvninstall {color} | {color:green} 0m
28s{color} | {color:green} the patch passed {color} |
| {color:green}+1{color} | {color:green} compile {color} | {color:green} 0m
24s{color} | {color:green} the patch passed {color} |
| {color:green}+1{color} | {color:green} javac {color} | {color:green} 0m
24s{color} | {color:green} the patch passed {color} |
| {color:green}+1{color} | {color:green} checkstyle {color} | {color:green} 0m
6s{color} | {color:green} the patch passed {color} |
| {color:green}+1{color} | {color:green} whitespace {color} | {color:green} 0m
0s{color} | {color:green} The patch has no whitespace issues. {color} |
| {color:red}-1{color} | {color:red} findbugs {color} | {color:red} 1m
15s{color} | {color:red} standalone-metastore/metastore-server generated 2 new
+ 181 unchanged - 0 fixed = 183 total (was 181) {color} |
| {color:green}+1{color} | {color:green} javadoc {color} | {color:green} 0m
18s{color} | {color:green} the patch passed {color} |
|| || || || {color:brown} Other Tests {color} ||
| {color:red}-1{color} | {color:red} asflicense {color} | {color:red} 0m
14s{color} | {color:red} The patch generated 2 ASF License warnings. {color} |
| {color:black}{color} | {color:black} {color} | {color:black} 13m 50s{color} |
{color:black} {color} |
\\
\\
|| Reason || Tests ||
| FindBugs | module:standalone-metastore/metastore-server |
| | Call to
String.equals(org.apache.hadoop.hive.metastore.conf.MetastoreConf$ConfVars) in
org.apache.hadoop.hive.metastore.ObjectStore.getDataSourceProps(Configuration)
At ObjectStore.java: At ObjectStore.java:[line 478] |
| | Return value of String.trim() ignored in
org.apache.hadoop.hive.metastore.utils.MetaStoreServerUtils.anonymizeConnectionURL(String)
At MetaStoreServerUtils.java:in
org.apache.hadoop.hive.metastore.utils.MetaStoreServerUtils.anonymizeConnectionURL(String)
At MetaStoreServerUtils.java:[line 1163] |
\\
\\
|| Subsystem || Report/Notes ||
| Optional Tests | asflicense javac javadoc findbugs checkstyle compile |
| uname | Linux hiveptest-server-upstream 3.16.0-4-amd64 #1 SMP Debian
3.16.36-1+deb8u1 (2016-09-03) x86_64 GNU/Linux |
| Build tool | maven |
| Personality |
/data/hiveptest/working/yetus_PreCommit-HIVE-Build-14642/dev-support/hive-personality.sh
|
| git revision | master / a99be34 |
| Default Java | 1.8.0_111 |
| findbugs | v3.0.0 |
| findbugs |
http://104.198.109.242/logs//PreCommit-HIVE-Build-14642/yetus/new-findbugs-standalone-metastore_metastore-server.html
|
| asflicense |
http://104.198.109.242/logs//PreCommit-HIVE-Build-14642/yetus/patch-asflicense-problems.txt
|
| modules | C: standalone-metastore/metastore-server U:
standalone-metastore/metastore-server |
| Console output |
http://104.198.109.242/logs//PreCommit-HIVE-Build-14642/yetus.txt |
| Powered by | Apache Yetushttp://yetus.apache.org |
This message was automatically generated.
> jdbc URL can contain sensitive information that should not be logged
>
>
> Key: HIVE-20796
> URL: https://issues.apache.org/jira/browse/HIVE-20796
> Project: Hive
> Issue Type: Improvement
> Components: Hive
>Affects Versions: 4.0.0
>Reporter: Laszlo Pinter
>Assignee: Laszlo Pinter
>Priority: Major
> Attachments: HIVE-20796.01.patch, HIVE-20796.02.patch,
> HIVE-20796.03.patch, HIVE-20796.04.patch
>
>
> It is possible to put passwords in the jdbc connection url and some jdbc
> driv
[jira] [Commented] (HIVE-20796) jdbc URL can contain sensitive information that should not be logged
[ https://issues.apache.org/jira/browse/HIVE-20796?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16663764#comment-16663764 ] Peter Vary commented on HIVE-20796: --- +1 pending tests > jdbc URL can contain sensitive information that should not be logged > > > Key: HIVE-20796 > URL: https://issues.apache.org/jira/browse/HIVE-20796 > Project: Hive > Issue Type: Improvement > Components: Hive >Affects Versions: 4.0.0 >Reporter: Laszlo Pinter >Assignee: Laszlo Pinter >Priority: Major > Attachments: HIVE-20796.01.patch, HIVE-20796.02.patch, > HIVE-20796.03.patch, HIVE-20796.04.patch > > > It is possible to put passwords in the jdbc connection url and some jdbc > drivers will supposedly use that. (derby, mysql). This information is > considered sensitive, and should be masked out, while logging the connection > url. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (HIVE-20796) jdbc URL can contain sensitive information that should not be logged
[ https://issues.apache.org/jira/browse/HIVE-20796?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16663634#comment-16663634 ] Peter Vary commented on HIVE-20796: --- Sounds like a good place :D > jdbc URL can contain sensitive information that should not be logged > > > Key: HIVE-20796 > URL: https://issues.apache.org/jira/browse/HIVE-20796 > Project: Hive > Issue Type: Improvement > Components: Hive >Affects Versions: 4.0.0 >Reporter: Laszlo Pinter >Assignee: Laszlo Pinter >Priority: Major > Attachments: HIVE-20796.01.patch > > > It is possible to put passwords in the jdbc connection url and some jdbc > drivers will supposedly use that. (derby, mysql). This information is > considered sensitive, and should be masked out, while logging the connection > url. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (HIVE-20796) jdbc URL can contain sensitive information that should not be logged
[ https://issues.apache.org/jira/browse/HIVE-20796?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16663631#comment-16663631 ] Laszlo Pinter commented on HIVE-20796: -- [~pvary] We were thinking the same :). Is it ok if I put this method to the MetaStoreServerUtils class? > jdbc URL can contain sensitive information that should not be logged > > > Key: HIVE-20796 > URL: https://issues.apache.org/jira/browse/HIVE-20796 > Project: Hive > Issue Type: Improvement > Components: Hive >Affects Versions: 4.0.0 >Reporter: Laszlo Pinter >Assignee: Laszlo Pinter >Priority: Major > Attachments: HIVE-20796.01.patch > > > It is possible to put passwords in the jdbc connection url and some jdbc > drivers will supposedly use that. (derby, mysql). This information is > considered sensitive, and should be masked out, while logging the connection > url. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (HIVE-20796) jdbc URL can contain sensitive information that should not be logged
[ https://issues.apache.org/jira/browse/HIVE-20796?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16663609#comment-16663609 ] Peter Vary commented on HIVE-20796: --- [~lpinter]: Would it be a good idea to put this to an util method and write some unit test for it? I think this way we can be sure that it handles every possible situation, and it will not be changed later accidentally. What do you think? > jdbc URL can contain sensitive information that should not be logged > > > Key: HIVE-20796 > URL: https://issues.apache.org/jira/browse/HIVE-20796 > Project: Hive > Issue Type: Improvement > Components: Hive >Affects Versions: 4.0.0 >Reporter: Laszlo Pinter >Assignee: Laszlo Pinter >Priority: Major > Attachments: HIVE-20796.01.patch > > > It is possible to put passwords in the jdbc connection url and some jdbc > drivers will supposedly use that. (derby, mysql). This information is > considered sensitive, and should be masked out, while logging the connection > url. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (HIVE-20796) jdbc URL can contain sensitive information that should not be logged
[ https://issues.apache.org/jira/browse/HIVE-20796?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16662337#comment-16662337 ] Peter Vary commented on HIVE-20796: --- Thanks for the explanation! > jdbc URL can contain sensitive information that should not be logged > > > Key: HIVE-20796 > URL: https://issues.apache.org/jira/browse/HIVE-20796 > Project: Hive > Issue Type: Improvement > Components: Hive >Affects Versions: 4.0.0 >Reporter: Laszlo Pinter >Assignee: Laszlo Pinter >Priority: Major > > It is possible to put passwords in the jdbc connection url and some jdbc > drivers will supposedly use that. (derby, mysql). This information is > considered sensitive, and should be masked out, while logging the connection > url. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (HIVE-20796) jdbc URL can contain sensitive information that should not be logged
[
https://issues.apache.org/jira/browse/HIVE-20796?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16662329#comment-16662329
]
Laszlo Pinter commented on HIVE-20796:
--
Indeed is similar, but I was thinking of different scenario. In the
hive-site.xml you can provide the connection url and the credentials as
different entries
{code:xml}
javax.jdo.option.ConnectionURL
jdbc:derby:memory:${test.tmp.dir}/junit_metastore_db;create=true
javax.jdo.option.ConnectionUserName
username
javax.jdo.option.ConnectionPassword
password
{code}
But it is possible to specify the credentials as part of the connection url
{code:xml}
javax.jdo.option.ConnectionURL
jdbc:derby:memory:${test.tmp.dir}/junit_metastore_db;create=true;username=username;password=password
{code}
While overriding the default configuration values from jpox.properties, the old
and new entries are logged out (ObjectStore#getDataSourceProps())
{code:java}
if (MetastoreConf.isPrintable(varName)) {
LOG.debug("Overriding {} value {} from jpox.properties with {}",
varName, prevVal, confVal);
}
{code}
Since the jdbc url is not marked as unprintable, all of it contents will be
written to debug log.
> jdbc URL can contain sensitive information that should not be logged
>
>
> Key: HIVE-20796
> URL: https://issues.apache.org/jira/browse/HIVE-20796
> Project: Hive
> Issue Type: Improvement
> Components: Hive
>Affects Versions: 4.0.0
>Reporter: Laszlo Pinter
>Assignee: Laszlo Pinter
>Priority: Major
>
> It is possible to put passwords in the jdbc connection url and some jdbc
> drivers will supposedly use that. (derby, mysql). This information is
> considered sensitive, and should be masked out, while logging the connection
> url.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Commented] (HIVE-20796) jdbc URL can contain sensitive information that should not be logged
[ https://issues.apache.org/jira/browse/HIVE-20796?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16662309#comment-16662309 ] Peter Vary commented on HIVE-20796: --- Started something like this before, but AFAIK never finished: HIVE-15931 > jdbc URL can contain sensitive information that should not be logged > > > Key: HIVE-20796 > URL: https://issues.apache.org/jira/browse/HIVE-20796 > Project: Hive > Issue Type: Improvement > Components: Hive >Affects Versions: 4.0.0 >Reporter: Laszlo Pinter >Assignee: Laszlo Pinter >Priority: Major > > It is possible to put passwords in the jdbc connection url and some jdbc > drivers will supposedly use that. (derby, mysql). This information is > considered sensitive, and should be masked out, while logging the connection > url. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
