You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@hive.apache.org by "Ravi Prakash (JIRA)" <ji...@apache.org> on 2016/02/19 20:58:18 UTC

[jira] [Updated] (HIVE-13091) Beeline logs the username and password to the history file for connect commands

     [ https://issues.apache.org/jira/browse/HIVE-13091?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Ravi Prakash updated HIVE-13091:
--------------------------------
    Attachment: HIVE-13901.01.patch

Here's a patch which redacts the password AFTER it has been put in the history. I think this is the wrong approach though. We really should never be accepting the password on the command line. For instance if I forgot the {{!}} before the command, the password would still be logged in the history file. I don't know how big a change that would be though....

> Beeline logs the username and password to the history file for connect commands
> -------------------------------------------------------------------------------
>
>                 Key: HIVE-13091
>                 URL: https://issues.apache.org/jira/browse/HIVE-13091
>             Project: Hive
>          Issue Type: Bug
>    Affects Versions: 1.2.0
>            Reporter: Ravi Prakash
>            Assignee: Chinna Rao Lalam
>         Attachments: HIVE-13901.01.patch
>
>
> [~farisa] and [~tthompso] found that the beeline client also logs the username and password from a connect command into the beeline history file (Usually found at ~/.beeline/history). We should not be logging the password anywhere.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)