You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues-all@impala.apache.org by "Tim Armstrong (JIRA)" <ji...@apache.org> on 2018/10/23 21:55:00 UTC

[jira] [Updated] (IMPALA-4244) Impala should strip all strings from log output unless explicitly configured to do so

     [ https://issues.apache.org/jira/browse/IMPALA-4244?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Tim Armstrong updated IMPALA-4244:
----------------------------------
    Target Version: Product Backlog

> Impala should strip all strings from log output unless explicitly configured to do so
> -------------------------------------------------------------------------------------
>
>                 Key: IMPALA-4244
>                 URL: https://issues.apache.org/jira/browse/IMPALA-4244
>             Project: IMPALA
>          Issue Type: Improvement
>          Components: Frontend
>    Affects Versions: Impala 2.5.0
>            Reporter: Laszlo Gaal
>            Priority: Major
>              Labels: security, supportability
>
> Currently there are multiple code locations where query text is written to the logs. This is particularly bad when it happens before the query is parsed, as there is no reliable way to identify strings in the query text due to various quoting and escaping schemes.
> Printing query text or text strings like this could leak sensitive information into the logs. Particularly bad example (collected from the wild):
> {code:java}
> I0610 13:06:43.571676  2022 Frontend.java:818] analyze query SELECT user_id, username, group_id FROM db.table WHERE username='USER' AND password='BAD'"
> {code}
> Totally forbidding the presence of query text in the logs would make it too hard to debug or support Impala, so there should be a global switch governing this behavior.
> When the switch is set to disabling text printing, Impala should:
> * not print unparsed query text to the logs; it should just print query IDs
> * strip strings from the log output
> When the switch is set to enabled Impala should
> * print unparsed query text to the log
> * let strings pass through to the logs, including parameter values, table names, column names etc.
> The default (unconfigured) state of this switch should be disabled.
> Impala should probably indicate if the switch is set to enabled to warn the user about possibly sensitive information being written to the logs.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-all-unsubscribe@impala.apache.org
For additional commands, e-mail: issues-all-help@impala.apache.org