You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@hive.apache.org by "Karen Coppage (JIRA)" <ji...@apache.org> on 2018/09/13 09:29:00 UTC
[jira] [Work started] (HIVE-20544) TOpenSessionReq logs password
and username
[ https://issues.apache.org/jira/browse/HIVE-20544?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Work on HIVE-20544 started by Karen Coppage.
--------------------------------------------
> TOpenSessionReq logs password and username
> ------------------------------------------
>
> Key: HIVE-20544
> URL: https://issues.apache.org/jira/browse/HIVE-20544
> Project: Hive
> Issue Type: Bug
> Components: Hive
> Affects Versions: 4.0.0
> Reporter: Karen Coppage
> Assignee: Karen Coppage
> Priority: Major
> Labels: beginner, patch, security
>
> In service-rpc/src/gen/thrift/gen-javabean/org/apache/hive/service/rpc/thrift/TOpenSessionReq, if client protocol is unset, validate() and toString() prints both username and password to logs.
> Logging a password is a security risk. We should hide the *******.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)