You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@hive.apache.org by "Junjie Chen (JIRA)" <ji...@apache.org> on 2016/08/05 01:05:20 UTC

[jira] [Issue Comment Deleted] (HIVE-11555) Beeline sends password in clear text if we miss -ssl=true flag in the connect string

     [ https://issues.apache.org/jira/browse/HIVE-11555?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Junjie Chen updated HIVE-11555:
-------------------------------
    Comment: was deleted

(was: It should be simple if the ssl option set to true by defualt.)

> Beeline sends password in clear text if we miss -ssl=true flag in the connect string
> ------------------------------------------------------------------------------------
>
>                 Key: HIVE-11555
>                 URL: https://issues.apache.org/jira/browse/HIVE-11555
>             Project: Hive
>          Issue Type: Bug
>          Components: Beeline
>    Affects Versions: 1.2.0
>            Reporter: bharath v
>            Assignee: Junjie Chen
>
> {code}
> I used tcpdump to display the network traffic: 
> [root@fe01 ~]# beeline 
> Beeline version 0.13.1-cdh5.3.2 by Apache Hive 
> beeline> !connect jdbc:hive2://fe01.sectest.poc:10000/default 
> Connecting to jdbc:hive2://fe01.sectest.poc:10000/default 
> Enter username for jdbc:hive2://fe01.sectest.poc:10000/default: tdaranyi 
> Enter password for jdbc:hive2://fe01.sectest.poc:10000/default: ********* 
> (I entered "cleartext" as the password) 
> The tcpdump in a different window 
> tdaranyi@fe01.sectest.poc:~$ sudo tcpdump -n -X -i lo port 10000 
> tcpdump: verbose output suppressed, use -v or -vv for full protocol decode 
> listening on lo, link-type EN10MB (Ethernet), capture size 65535 bytes 
> (...) 
> 10:25:16.329974 IP 192.168.32.102.54322 > 192.168.32.102.ndmp: Flags [P.], seq 11:35, ack 1, win 512, options [nop,nop,TS val 2412851969 ecr 2412851969], length 24 
> 0x0000: 4500 004c 3dd3 4000 4006 3abc c0a8 2066 E..L=.@.@.:....f 
> 0x0010: c0a8 2066 d432 2710 714c 0edc b45c 9268 ...f.2'.qL...\.h 
> 0x0020: 8018 0200 c25b 0000 0101 080a 8fd1 3301 .....[........3. 
> 0x0030: 8fd1 3301 0500 0000 1300 7464 6172 616e ..3.......tdaran 
> 0x0040: 7969 0063 6c65 6172 7465 7874 yi.cleartext 
> (...) 
> {code}
> We rely on the user supplied configuration to decide whether to open an SSL socket or a Plain one. Instead we can negotiate this information from the HS2 and connect accordingly.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)