You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@spark.apache.org by "Kent Yao (Jira)" <ji...@apache.org> on 2023/03/28 08:49:00 UTC
[jira] [Created] (SPARK-42946) Sensitive data could still be exposed by variable substitution
Kent Yao created SPARK-42946:
--------------------------------
Summary: Sensitive data could still be exposed by variable substitution
Key: SPARK-42946
URL: https://issues.apache.org/jira/browse/SPARK-42946
Project: Spark
Issue Type: Improvement
Components: SQL
Affects Versions: 3.3.2, 3.4.0
Reporter: Kent Yao
Case 1 by SET syntax's key part
{code:java}
Time taken: 0.017 seconds, Fetched 1 row(s)
spark-sql> set ${spark.ssl.keyPassword}
> ;
abc <undefined> {code}
Case 2 by SELECT as String lit
{code:java}
spark-sql> set spark.ssl.keyPassword;
spark.ssl.keyPassword *********(redacted)
Time taken: 0.009 seconds, Fetched 1 row(s)
spark-sql> select '${spark.ssl.keyPassword}'
> ;
abc
{code}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@spark.apache.org
For additional commands, e-mail: issues-help@spark.apache.org