You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@hive.apache.org by Vaibhav Gumashta <vg...@hortonworks.com> on 2017/03/08 21:59:42 UTC
Re: Review Request 56763: HIVE-15931: JDBC: Improve logging when using
ZooKeeper
> On Feb. 22, 2017, 10:20 a.m., Peter Vary wrote:
> > jdbc/src/java/org/apache/hive/jdbc/Utils.java
> > Lines 398-400 (patched)
> > <https://reviews.apache.org/r/56763/diff/1-2/?file=1637751#file1637751line398>
> >
> > As far as I know the Java String is immutable, which might cause problems here.
> >
> > Looking through the valid jdbc url-s, I have found this example in the official apache page:
> > "jdbc:hive2://<host>:<port>/<db>;ssl=true;twoWay=true;sslTrustStore=<trust_store_path>;trustStorePassword=<trust_store_password>;sslKeyStore=<key_store_path>;keyStorePassword=<key_store_password>?transportMode=http;httpPath=<http_endpoint>"
> >
> > These are two other passwords which might be logged out and most probably should not.
> >
> > Also hiveconf variables might contain passwords as well. See: HIVE_CONF_HIDDEN_LIST
> >
> > It is getting complicated to remove every possible password. I am inclined to remove the logging of the uri altogether, or at least remove every value from the uri before logging it out to have a cleaner code. What do you think?
> >
> > If we keep the complicated algorithm for removing passwords it might be a good idea to have a test for it.
> >
> > Thanks,
> > Peter
>
> Peter Vary wrote:
> I have found this in the official page too:
> "This is helpful when the end user needs to send identity in an HTTP header down to intermediate servers such as Knox via Beeline for authentication, for example http.header.USERNAME=<value1>;http.header.PASSWORD=<value2>"
>
> It is an edge case, but still...
It will be useful to log the url for debugging purposes, but I agree, we can extend anonymizing to other cases as you've pointed out. I'll upload a revised patch shortly.
- Vaibhav
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/56763/#review166345
-----------------------------------------------------------
On Feb. 21, 2017, 9:01 p.m., Vaibhav Gumashta wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/56763/
> -----------------------------------------------------------
>
> (Updated Feb. 21, 2017, 9:01 p.m.)
>
>
> Review request for hive, Peter Vary and Thejas Nair.
>
>
> Bugs: HIVE-15931
> https://issues.apache.org/jira/browse/HIVE-15931
>
>
> Repository: hive-git
>
>
> Description
> -------
>
> https://issues.apache.org/jira/browse/HIVE-15931
>
>
> Diffs
> -----
>
> jdbc/src/java/org/apache/hive/jdbc/HiveConnection.java 535ad3d
> jdbc/src/java/org/apache/hive/jdbc/HiveDriver.java a349f8b
> jdbc/src/java/org/apache/hive/jdbc/Utils.java bfae8b9
> jdbc/src/java/org/apache/hive/jdbc/ZooKeeperHiveClientHelper.java 8d6003a
>
>
> Diff: https://reviews.apache.org/r/56763/diff/2/
>
>
> Testing
> -------
>
>
> Thanks,
>
> Vaibhav Gumashta
>
>