You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@hive.apache.org by "Junjie Chen (JIRA)" <ji...@apache.org> on 2016/08/05 01:05:20 UTC
[jira] [Issue Comment Deleted] (HIVE-11555) Beeline sends password
in clear text if we miss -ssl=true flag in the connect string
[ https://issues.apache.org/jira/browse/HIVE-11555?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Junjie Chen updated HIVE-11555:
-------------------------------
Comment: was deleted
(was: It should be simple if the ssl option set to true by defualt.)
> Beeline sends password in clear text if we miss -ssl=true flag in the connect string
> ------------------------------------------------------------------------------------
>
> Key: HIVE-11555
> URL: https://issues.apache.org/jira/browse/HIVE-11555
> Project: Hive
> Issue Type: Bug
> Components: Beeline
> Affects Versions: 1.2.0
> Reporter: bharath v
> Assignee: Junjie Chen
>
> {code}
> I used tcpdump to display the network traffic:
> [root@fe01 ~]# beeline
> Beeline version 0.13.1-cdh5.3.2 by Apache Hive
> beeline> !connect jdbc:hive2://fe01.sectest.poc:10000/default
> Connecting to jdbc:hive2://fe01.sectest.poc:10000/default
> Enter username for jdbc:hive2://fe01.sectest.poc:10000/default: tdaranyi
> Enter password for jdbc:hive2://fe01.sectest.poc:10000/default: *********
> (I entered "cleartext" as the password)
> The tcpdump in a different window
> tdaranyi@fe01.sectest.poc:~$ sudo tcpdump -n -X -i lo port 10000
> tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
> listening on lo, link-type EN10MB (Ethernet), capture size 65535 bytes
> (...)
> 10:25:16.329974 IP 192.168.32.102.54322 > 192.168.32.102.ndmp: Flags [P.], seq 11:35, ack 1, win 512, options [nop,nop,TS val 2412851969 ecr 2412851969], length 24
> 0x0000: 4500 004c 3dd3 4000 4006 3abc c0a8 2066 E..L=.@.@.:....f
> 0x0010: c0a8 2066 d432 2710 714c 0edc b45c 9268 ...f.2'.qL...\.h
> 0x0020: 8018 0200 c25b 0000 0101 080a 8fd1 3301 .....[........3.
> 0x0030: 8fd1 3301 0500 0000 1300 7464 6172 616e ..3.......tdaran
> 0x0040: 7969 0063 6c65 6172 7465 7874 yi.cleartext
> (...)
> {code}
> We rely on the user supplied configuration to decide whether to open an SSL socket or a Plain one. Instead we can negotiate this information from the HS2 and connect accordingly.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)