You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues-all@impala.apache.org by "ASF subversion and git services (Jira)" <ji...@apache.org> on 2024/01/03 07:22:00 UTC

[jira] [Commented] (IMPALA-12380) Securing dbcp.password for JDBC external data source

    [ https://issues.apache.org/jira/browse/IMPALA-12380?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17802037#comment-17802037 ] 

ASF subversion and git services commented on IMPALA-12380:
----------------------------------------------------------

Commit 9a132bc436e956641e1eb58073b446f71369fb3c in impala's branch refs/heads/master from Gaurav Singh
[ https://gitbox.apache.org/repos/asf?p=impala.git;h=9a132bc43 ]

IMPALA-12380: Securing dbcp.password for JDBC
external data source

In the current implementation of external JDBC data source,
the user has to provide both the username and password in
plain text which is not a good practice.

This patch extends the functionality of existing implementation
to either provide:
a) username and password
b) username or key and keystore

If the user provides the password, then that password is used.
However, if no password is provided and the user provides only the
key/keystore, then it fetches the password from the secure jceks
keystore.

Testing:
- Added unit test TestExtDataSourcesWithKeyStore

Change-Id: Iec83a9b6e00456f0a1bbee747bd752b2cf9bf238
Reviewed-on: http://gerrit.cloudera.org:8080/20809
Reviewed-by: Impala Public Jenkins <im...@cloudera.com>
Tested-by: Impala Public Jenkins <im...@cloudera.com>


> Securing dbcp.password for JDBC external data source
> ----------------------------------------------------
>
>                 Key: IMPALA-12380
>                 URL: https://issues.apache.org/jira/browse/IMPALA-12380
>             Project: IMPALA
>          Issue Type: Sub-task
>            Reporter: Wenzhe Zhou
>            Assignee: gaurav singh
>            Priority: Major
>             Fix For: Impala 4.4.0
>
>
> In the first patch of JDBC external data source (https://gerrit.cloudera.org/#/c/17842/) 
> "dbcp.password" is provided as clear text in the table property. We should allow user to store password in a Java keystore file on HDFS and protect the keystore file for the authorized users.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-all-unsubscribe@impala.apache.org
For additional commands, e-mail: issues-all-help@impala.apache.org