hive-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Peter Vary (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HIVE-20796) jdbc URL can contain sensitive information that should not be logged
Date Thu, 25 Oct 2018 11:28:00 GMT

    [ https://issues.apache.org/jira/browse/HIVE-20796?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16663609#comment-16663609
] 

Peter Vary commented on HIVE-20796:
-----------------------------------

[~lpinter]: Would it be a good idea to put this to an util method and write some unit test
for it? I think this way we can be sure that it handles every possible situation, and it will
not be changed later accidentally. What do you think?

> jdbc URL can contain sensitive information that should not be logged
> --------------------------------------------------------------------
>
>                 Key: HIVE-20796
>                 URL: https://issues.apache.org/jira/browse/HIVE-20796
>             Project: Hive
>          Issue Type: Improvement
>          Components: Hive
>    Affects Versions: 4.0.0
>            Reporter: Laszlo Pinter
>            Assignee: Laszlo Pinter
>            Priority: Major
>         Attachments: HIVE-20796.01.patch
>
>
> It is possible to put passwords in the jdbc connection url and some jdbc drivers will
supposedly use that. (derby, mysql). This information is considered sensitive, and should
be masked out, while logging the connection url.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Mime
View raw message