Posted to issues@hive.apache.org by "Daniel Dai (JIRA)" <ji...@apache.org> on 2018/09/28 07:22:00 UTC

[jira] [Commented] (HIVE-20651) JdbcStorageHandler password should be encrypted

    [ https://issues.apache.org/jira/browse/HIVE-20651?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16631464#comment-16631464 ] 

Daniel Dai commented on HIVE-20651:
-----------------------------------

Besides putting the credential in a keystore, the patch also:
 1. TableDesc.jobSecrets is serialized into the map plan, thus defeating the purpose of using job credentials. The patch fixed it
 2. Bug fix for using two different JDBC tables in one Hive statement

Tested with Tez/MR; not sure if this works with Spark or if additional work is needed. cc [~stakiar_impala_496e], [~janulatha]

> JdbcStorageHandler password should be encrypted
> -----------------------------------------------
>
>                 Key: HIVE-20651
>                 URL: https://issues.apache.org/jira/browse/HIVE-20651
>             Project: Hive
>          Issue Type: Improvement
>          Components: StorageHandler
>            Reporter: Daniel Dai
>            Assignee: Daniel Dai
>            Priority: Major
>         Attachments: HIVE-20651.1.patch
>
>
> Currently, an external JDBC table with JdbcStorageHandler stores the password as the "hive.sql.dbcp.password" table property in clear text. We should put it in a keystore file. Here is the proposed change:
> {code:java}
> ….
> STORED BY 'org.apache.hive.storage.jdbc.JdbcStorageHandler'
> TBLPROPERTIES (
> "hive.sql.dbcp.password.keystore" = "hdfs:///user/hive/credential/postgres.jceks",
> "hive.sql.dbcp.password.key" = "mydb.password"
> );
> {code}
>  
> The jceks file is created with:
> {code}
> hadoop credential create mydb.password -provider hdfs:///user/hive/credential/postgres.jceks -v secretpassword
> {code}
> Users can choose to put all DB passwords in one jceks, or use a separate jceks for each DB.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
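
An audit for the migration described in the issue, as an added example (not code from the HIVE-20651 patch or the Hive project): it scans Hive DDL text for the clear-text "hive.sql.dbcp.password" property and for a keystore reference that is missing one of its two properties. The function name, table names and sample DDL are constructed, and the check assumes the keystore and key properties are only usable as a pair, as in the proposed DDL.

```python
import re

# Property names as they appear in HIVE-20651.
CLEARTEXT = "hive.sql.dbcp.password"
KEYSTORE = "hive.sql.dbcp.password.keystore"
KEY = "hive.sql.dbcp.password.key"

_TABLE = re.compile(r"CREATE\s+(?:EXTERNAL\s+)?TABLE\s+(?:IF\s+NOT\s+EXISTS\s+)?`?([\w.]+)", re.I)
_PROP = re.compile(r"""(['"])([^'"]+)\1\s*=\s*(['"])(.*?)\3""", re.S)

# Constructed sample input: hypothetical tables, placeholder secret.
SAMPLE_DDL = """
CREATE EXTERNAL TABLE sales.orders_pg (id INT)
STORED BY 'org.apache.hive.storage.jdbc.JdbcStorageHandler'
TBLPROPERTIES ("hive.sql.dbcp.password" = "example-not-a-real-secret");

CREATE EXTERNAL TABLE sales.customers_pg (id INT)
STORED BY 'org.apache.hive.storage.jdbc.JdbcStorageHandler'
TBLPROPERTIES (
"hive.sql.dbcp.password.keystore" = "hdfs:///user/hive/credential/postgres.jceks",
"hive.sql.dbcp.password.key" = "mydb.password");

CREATE EXTERNAL TABLE sales.items_pg (id INT)
STORED BY 'org.apache.hive.storage.jdbc.JdbcStorageHandler'
TBLPROPERTIES ("hive.sql.dbcp.password.keystore" = "hdfs:///user/hive/credential/postgres.jceks");
"""

def audit_ddl(ddl):
    """Return {table: [findings]}; one chunk is scanned per CREATE TABLE statement."""
    report = {}
    for stmt in re.split(r"(?i)(?=\bCREATE\s+(?:EXTERNAL\s+)?TABLE\b)", ddl):
        name = _TABLE.search(stmt)
        pos = re.search(r"(?i)\bTBLPROPERTIES\b", stmt)
        if not name or not pos:
            continue
        # Only text after TBLPROPERTIES is parsed, so STORED BY '...' is ignored.
        props = {m.group(2).lower(): m.group(4) for m in _PROP.finditer(stmt[pos.end():])}
        findings = []
        if CLEARTEXT in props:
            # Report the fact only; never echo the secret itself.
            findings.append("cleartext password in table property")
        if (KEYSTORE in props) != (KEY in props):
            # Assumption: the two keystore properties must be set together.
            findings.append("keystore reference incomplete: need both keystore and key")
        if findings:
            report[name.group(1)] = findings
    return report

if __name__ == "__main__":
    print(audit_ddl(SAMPLE_DDL))
```

Feed it the output of SHOW CREATE TABLE for each external JDBC table; a table that still carries the clear-text property after migration is reported even if the keystore properties are also set.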