Posted to issues@hive.apache.org by "Laszlo Pinter (JIRA)" <ji...@apache.org> on 2018/10/24 14:13:00 UTC

[jira] [Comment Edited] (HIVE-20796) jdbc URL can contain sensitive information that should not be logged

    [ https://issues.apache.org/jira/browse/HIVE-20796?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16662329#comment-16662329 ] 

Laszlo Pinter edited comment on HIVE-20796 at 10/24/18 2:12 PM:
----------------------------------------------------------------

Indeed, it is similar, but I was thinking of a different scenario. In the hive-site.xml you can provide the connection URL and the credentials as different entries:
{code:xml}
<property>
  <name>javax.jdo.option.ConnectionURL</name>
  <value>jdbc:derby:memory:${test.tmp.dir}/junit_metastore_db;create=true</value>
</property>

<property>
  <name>javax.jdo.option.ConnectionUserName</name>
  <value>username</value>
</property>

<property>
  <name>javax.jdo.option.ConnectionPassword</name>
  <value>password</value>
</property>
{code}
But it is possible to specify the credentials as part of the connection URL:
{code:xml}
<property>
  <name>javax.jdo.option.ConnectionURL</name>
  <value>jdbc:derby:memory:${test.tmp.dir}/junit_metastore_db;create=true;username=username;password=password</value>
</property>
{code}
While overriding the default configuration values from jpox.properties, the old and new entries are logged out (ObjectStore#getDataSourceProps()):
{code:java}
if (MetastoreConf.isPrintable(varName)) {
  LOG.debug("Overriding {} value {} from jpox.properties with {}",
    varName, prevVal, confVal);
}
{code}
Since the JDBC URL is not marked as unprintable, all of its contents will be written to the debug log.



> jdbc URL can contain sensitive information that should not be logged
> --------------------------------------------------------------------
>
>                 Key: HIVE-20796
>                 URL: https://issues.apache.org/jira/browse/HIVE-20796
>             Project: Hive
>          Issue Type: Improvement
>          Components: Hive
>    Affects Versions: 4.0.0
>            Reporter: Laszlo Pinter
>            Assignee: Laszlo Pinter
>            Priority: Major
>
> It is possible to put passwords in the JDBC connection URL, and some JDBC drivers will supposedly use that (derby, mysql). This information is considered sensitive and should be masked out while logging the connection URL.
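
One way to mask the connection URL before it reaches the debug log, shown as an added example that is not part of the original message or of Hive's code. The class name, method names and the list of sensitive attribute names are assumptions made for illustration; the sample URLs are constructed.

```java
import java.util.regex.Pattern;

public class JdbcUrlMasker {
  // Configuration key taken from the hive-site.xml snippet in the comment above.
  private static final String URL_KEY = "javax.jdo.option.ConnectionURL";

  // Assumed list of credential-bearing attribute names. Matches key=value after
  // ';' (Derby-style attributes) or '?'/'&' (MySQL-style query parameters),
  // case-insensitively, up to the next separator.
  private static final Pattern SENSITIVE = Pattern.compile(
      "(?i)(?<=[;?&])(password|pwd|user|username)=[^;&]*");

  /** Returns the URL with credential values replaced, suitable for logging. */
  public static String mask(String url) {
    if (url == null) {
      return null;
    }
    return SENSITIVE.matcher(url).replaceAll("$1=***");
  }

  /**
   * Value to hand to the logger for a given configuration entry. Both the
   * previous and the overriding value of the connection URL need masking,
   * since the log statement prints both.
   */
  public static String forLog(String varName, String value) {
    return URL_KEY.equals(varName) ? mask(value) : value;
  }

  public static void main(String[] args) {
    // Constructed sample values, not taken from a real deployment.
    String[] samples = {
      "jdbc:derby:memory:junit_metastore_db;create=true;username=username;password=password",
      "jdbc:mysql://db.example.com:3306/metastore?user=hive&password=secret&useSSL=true",
      "jdbc:derby:memory:junit_metastore_db;create=true"
    };
    for (String prevVal : samples) {
      // Stand-in for the LOG.debug call in the snippet above.
      System.out.println("Overriding " + URL_KEY + " value "
          + forLog(URL_KEY, prevVal) + " from jpox.properties");
    }
  }
}
```

A value that itself contains `;` or `&` is only masked up to that character, so a pattern-based mask like this is a fallback; skipping the value entirely when logging is the stricter option.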


