hive-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Sebastian Fröhlich (JIRA) <j...@apache.org>
Subject [jira] [Updated] (HIVE-16089) "trustStorePassword" is logged as part of jdbc connection url
Date Fri, 03 Mar 2017 15:37:45 GMT

     [ https://issues.apache.org/jira/browse/HIVE-16089?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Sebastian Fröhlich updated HIVE-16089:
--------------------------------------
    Description: 
h5. General Story
The use case is to connect via the Apache Hive JDBC driver to a Hive where SSL encryption
is enabled.
It was required to set the ssl-trust store password property {{trustStorePassword}} in the
jdbc connection url.

If the property is passed via "properties" parameter into {{Driver.connect(url, properties)}}
this will not recognized.

h5. Log message
{code}
2017-03-03 09:57:58,385 [INFO] [InputInitializer {Map for sheets:[import] (fce7cd11-d489-4a13-a3a9-4c81d2907c87)}
#0] 
|jdbc.Utils|: Resolved authority: <hostname>:<port>
2017-03-03 09:57:58,539 [INFO] [InputInitializer {Map for sheets:[import] (fce7cd11-d489-4a13-a3a9-4c81d2907c87)}
#0] |jdbc.HiveConnection|: Will try to open client transport with JDBC Uri: jdbc:hive2://<hostname>:<port>/;ssl=true;sslTrustStore=/tmp/hs2keystore.jks;trustStorePassword=<password>
{code}
E.g. produced by code {{org.apache.hive.jdbc.HiveConnection#openTransport()}}

h5. Suggested Behavior
The property {{trustStorePassword}} could be part of the "properties" parameter. This way
the password is not part of the JDBC connection url.

h5. Acceptance Criteria
The ssl trust store password should not be logged as part of the JDBC connection string.
Support the trust store password via the properties parameter within connect.

  was:
h5. General Story
The use case is to connect via the Apache Hive JDBC driver to a Hive where SSL encryption
is enabled.
It was required to set the ssl-trust store password property {{trustStorePassword}} in the
jdbc connection url.

If the property is passed via "properties" parameter into {{Driver.connect(url, properties)}}
this will not recognized.

h5. Suggested Behavior
The property {{trustStorePassword}} could be part of the "properties" parameter. This way
the password is not part of the JDBC connection url.

h5. Acceptance Criteria
The ssl trust store password should not be logged as part of the JDBC connection string.
Support the trust store password via the properties parameter within connect.


> "trustStorePassword" is logged as part of jdbc connection url
> -------------------------------------------------------------
>
>                 Key: HIVE-16089
>                 URL: https://issues.apache.org/jira/browse/HIVE-16089
>             Project: Hive
>          Issue Type: Bug
>          Components: JDBC
>    Affects Versions: 1.1.0
>            Reporter: Sebastian Fröhlich
>              Labels: security
>
> h5. General Story
> The use case is to connect via the Apache Hive JDBC driver to a Hive where SSL encryption
is enabled.
> It was required to set the ssl-trust store password property {{trustStorePassword}} in
the jdbc connection url.
> If the property is passed via "properties" parameter into {{Driver.connect(url, properties)}}
this will not recognized.
> h5. Log message
> {code}
> 2017-03-03 09:57:58,385 [INFO] [InputInitializer {Map for sheets:[import] (fce7cd11-d489-4a13-a3a9-4c81d2907c87)}
#0] 
> |jdbc.Utils|: Resolved authority: <hostname>:<port>
> 2017-03-03 09:57:58,539 [INFO] [InputInitializer {Map for sheets:[import] (fce7cd11-d489-4a13-a3a9-4c81d2907c87)}
#0] |jdbc.HiveConnection|: Will try to open client transport with JDBC Uri: jdbc:hive2://<hostname>:<port>/;ssl=true;sslTrustStore=/tmp/hs2keystore.jks;trustStorePassword=<password>
> {code}
> E.g. produced by code {{org.apache.hive.jdbc.HiveConnection#openTransport()}}
> h5. Suggested Behavior
> The property {{trustStorePassword}} could be part of the "properties" parameter. This
way the password is not part of the JDBC connection url.
> h5. Acceptance Criteria
> The ssl trust store password should not be logged as part of the JDBC connection string.
> Support the trust store password via the properties parameter within connect.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

Mime
View raw message