https://issues.apache.org/jira/browse/DRILL-3879
https://issues.apache.org/jira/browse/DRILL-3880

Are created (one for each issue).

I feel that 3879, the stack trace one, is less important, in that it's just an ease of use function. However, 3880 I believe is more important because we offer an option to specify user/pass at the command line, but don't offer a way to do so that is secure. This makes users who follow the docs, and who may not have a security background, make poor choices with security. (The documentation for authentication in Drill shows an example of how to do this, without any warning about the dangers of putting your password at the command line or offering the alternative approach that Rajkumar has suggested (thank you for that Rajkumar, that works).)

I feel we should be offering examples and tools where we help users start using them securely, or at the very least outline how using in the suggested way is not secure.

Thanks!

John

On Thu, Oct 1, 2015 at 10:08 AM, Venki Korukanti <[email protected]> wrote:

> 1. Please log a bug to enhance what is printed on the screen when auth fails. It's possible that we are just dumping the exception got from the connection request.
> 2. Not sure if SQLLine has any other method other than passing the password using -p option. We can enhance SQLLine to prompt for password if "-p" is specified on the command line just like Hive. Please log an improvement bug (changes may involve SQLLine)
>
> On Thu, Oct 1, 2015 at 7:57 AM, John Omernik <[email protected]> wrote:
>
> > So I am following
> >
> > https://drill.apache.org/docs/configuring-user-authentication/
> >
> > And getting Authentication setup
> >
> > The suggested
> >
> > sqlline -u jdbc:drill:zk=10.10.11.112:5181 -n bob -p bobdrill
> >
> > Works great. (Obviously I use my ZK, my username, and my password)
> >
> > So being a sql guy, I now have some concerns that I couldn't find answers to, so I thought I'd toss them out here
> >
> > 1. If I specify the wrong password, I get more than a page of exception messages (Handshake validation, Auth Failed) etc. With full stack traces. Isn't this something that should be captured and minimized to a user? When I first set this up, it is difficult to determine what is related to issues with my auth setup and what is just a bad user/pass. I would argue from a pure programming point of view, a bad set of credentials is a normal occurrence, not an exception, yet the busy stack trace does not help me understand if things are setup, or if I just fat-fingered my password.
> >
> > 2. I found no way with SQLLINE to authenticate without specifying my password at the command line
> >
> > If I did -n bob with no -p, there was a large exception (TL;DR Auth failed)
> > If I did -n bob -p (with nothing else, hoping for a prompt) I got an array Index out of bounds
> > If I did -n bob -p - (Hoping for a STDIN prompt) I got the large exception auth failed.
> >
> > I guess, I don't want my password in my .bash_history, and that shouldn't be a challenge. Hive does this, mysql, etc all do this. Is there a way to do this with Drill/SQL line?
> >
> > Thanks
> >
> > John
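
The concern raised in this thread, a password typed after `-p` ending up in `.bash_history`, can be audited after the fact. The script below is an added example, not part of the original thread and not Drill or SQLLine code; the function names, the sample history lines, the `/opt/drill` path and the second user are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a shell history file for sqlline logins that carry
# the password inline after -p. Heuristic; the password is never printed.

# find_inline_passwords FILE -> one "LINE:USER" record per offending entry.
# "-p -" and a trailing bare "-p" carry no secret and are not reported.
find_inline_passwords() {
    awk '
    /^#/ { next }   # skip HISTTIMEFORMAT timestamp lines
    {
        is_sqlline = 0; hit = 0; user = "?"
        for (i = 1; i <= NF; i++) {
            if ($i ~ /(^|\/)sqlline$/) is_sqlline = 1
            else if ($i == "-n" && i < NF) user = $(i + 1)
            else if ($i == "-p" && i < NF && $(i + 1) !~ /^-/) hit = 1
        }
        if (is_sqlline && hit) printf "%d:%s\n", NR, user
    }' "$1"
}

# redact_inline_passwords FILE -> the history with each inline sqlline
# password replaced by <redacted>; all other lines pass through unchanged.
redact_inline_passwords() {
    awk '
    /^#/ { print; next }
    {
        is_sqlline = 0
        for (i = 1; i <= NF; i++) if ($i ~ /(^|\/)sqlline$/) is_sqlline = 1
        if (is_sqlline) {
            for (i = 1; i < NF; i++) {
                if ($i == "-p" && $(i + 1) !~ /^-/) $(i + 1) = "<redacted>"
            }
        }
        print
    }' "$1"
}

# Constructed sample history (not real data).
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
#1443711420
sqlline -u jdbc:drill:zk=10.10.11.112:5181 -n bob -p bobdrill
ls -l /opt/drill
sqlline -u jdbc:drill:zk=10.10.11.112:5181 -n bob -p -
/opt/drill/bin/sqlline -u jdbc:drill:zk=10.10.11.112:5181 -n alice -p s3cret
grep -p foo notes.txt
EOF
find_inline_passwords "$SAMPLE"
```

Any account the audit reports should have its password rotated, since the value has already been written to disk in clear text.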
