You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@drill.apache.org by "Anton Gozhiy (JIRA)" <ji...@apache.org> on 2018/03/15 09:40:00 UTC
[jira] [Created] (DRILL-6250) Sqlline start command with password
appears in the sqlline.log
Anton Gozhiy created DRILL-6250:
-----------------------------------
Summary: Sqlline start command with password appears in the sqlline.log
Key: DRILL-6250
URL: https://issues.apache.org/jira/browse/DRILL-6250
Project: Apache Drill
Issue Type: Bug
Affects Versions: 1.13.0
Reporter: Anton Gozhiy
*Prerequisites:*
*1.* Log level is set to "all" in the conf/logback.xml:
{code:xml}
<logger name="org.apache.drill" additivity="false">
<level value="all" />
<appender-ref ref="FILE" />
</logger>
{code}
*2.* PLAIN authentication mechanism is configured:
{code:java}
security.user.auth: {
enabled: true,
packages += "org.apache.drill.exec.rpc.user.security",
impl: "pam",
pam_profiles: [ "sudo", "login" ]
}
{code}
*Steps:*
*1.* Start the drillbits
*2.* Connect by sqlline:
{noformat}
/opt/mapr/drill/drill-1.13.0/bin/sqlline -u "jdbc:drill:zk=node1:5181;" -n user1 -p 1234
{noformat}
*3.* Use check the sqlline logs:
{noformat}
tail -F log/sqlline.log|grep 1234 -a5 -b5
{noformat}
*Expected result:* Logs shouldn't contain clear-text passwords
*Actual result:* The logs contain the sqlline start command with password:
{noformat}
# system properties
35333- "java" : {
35352- # system properties
35384: "command" : "sqlline.SqlLine -d org.apache.drill.jdbc.Driver --maxWidth=10000 --color=true -u jdbc:drill:zk=node1:5181; -n user1 -p 1234",
35535- # system properties
35567- "launcher" : "SUN_STANDARD"
35607- }
{noformat}
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)