You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@hive.apache.org by "Peter Vary (JIRA)" <ji...@apache.org> on 2018/11/05 15:23:00 UTC

[jira] [Updated] (HIVE-20796) jdbc URL can contain sensitive information that should not be logged

     [ https://issues.apache.org/jira/browse/HIVE-20796?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Peter Vary updated HIVE-20796:
------------------------------
       Resolution: Fixed
    Fix Version/s: 4.0.0
           Status: Resolved  (was: Patch Available)

Pushed to master.
Thanks for the patch [~lpinter], and [~asherman], [~dkuzmenko] for the review!

> jdbc URL can contain sensitive information that should not be logged
> --------------------------------------------------------------------
>
>                 Key: HIVE-20796
>                 URL: https://issues.apache.org/jira/browse/HIVE-20796
>             Project: Hive
>          Issue Type: Improvement
>          Components: Hive
>    Affects Versions: 4.0.0
>            Reporter: Laszlo Pinter
>            Assignee: Laszlo Pinter
>            Priority: Major
>             Fix For: 4.0.0
>
>         Attachments: HIVE-20796.01.patch, HIVE-20796.02.patch, HIVE-20796.03.patch, HIVE-20796.04.patch, HIVE-20796.05.patch
>
>
> It is possible to put passwords in the jdbc connection url and some jdbc drivers will supposedly use that. (derby, mysql). This information is considered sensitive, and should be masked out, while logging the connection url.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)