hive-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Peter Vary (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HIVE-20796) jdbc URL can contain sensitive information that should not be logged
Date Fri, 26 Oct 2018 12:48:00 GMT

    [ https://issues.apache.org/jira/browse/HIVE-20796?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16665128#comment-16665128
] 

Peter Vary commented on HIVE-20796:
-----------------------------------

HIVE-20796.05.patch is even better +1 pending tests :D

> jdbc URL can contain sensitive information that should not be logged
> --------------------------------------------------------------------
>
>                 Key: HIVE-20796
>                 URL: https://issues.apache.org/jira/browse/HIVE-20796
>             Project: Hive
>          Issue Type: Improvement
>          Components: Hive
>    Affects Versions: 4.0.0
>            Reporter: Laszlo Pinter
>            Assignee: Laszlo Pinter
>            Priority: Major
>         Attachments: HIVE-20796.01.patch, HIVE-20796.02.patch, HIVE-20796.03.patch, HIVE-20796.04.patch,
HIVE-20796.05.patch
>
>
> It is possible to put passwords in the jdbc connection url and some jdbc drivers will
supposedly use that. (derby, mysql). This information is considered sensitive, and should
be masked out, while logging the connection url.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Mime
View raw message