FAQ
Binglin Chang created HIVE-9013:
-----------------------------------

              Summary: Hive set command exposes metastore db password
                  Key: HIVE-9013
                  URL: https://issues.apache.org/jira/browse/HIVE-9013
              Project: Hive
           Issue Type: Bug
             Reporter: Binglin Chang


When auth is enabled, we still need set command to set some variables(e.g. mapreduce.job.queuename), but set command alone also list all information(including vars in restrict list), this exposes like "javax.jdo.option.ConnectionPassword"
I think conf var in the restrict list should also excluded from dump vars command.




--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Search Discussions

  • Binglin Chang (JIRA) at Dec 3, 2014 at 1:04 pm
    [ https://issues.apache.org/jira/browse/HIVE-9013?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

    Binglin Chang updated HIVE-9013:
    --------------------------------
         Affects Version/s: 0.13.1
                    Status: Patch Available (was: Open)
    Hive set command exposes metastore db password
    ----------------------------------------------

    Key: HIVE-9013
    URL: https://issues.apache.org/jira/browse/HIVE-9013
    Project: Hive
    Issue Type: Bug
    Affects Versions: 0.13.1
    Reporter: Binglin Chang
    Attachments: HIVE-9013.1.patch


    When auth is enabled, we still need set command to set some variables(e.g. mapreduce.job.queuename), but set command alone also list all information(including vars in restrict list), this exposes like "javax.jdo.option.ConnectionPassword"
    I think conf var in the restrict list should also excluded from dump vars command.


    --
    This message was sent by Atlassian JIRA
    (v6.3.4#6332)
  • Binglin Chang (JIRA) at Dec 3, 2014 at 1:04 pm
    [ https://issues.apache.org/jira/browse/HIVE-9013?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

    Binglin Chang updated HIVE-9013:
    --------------------------------
         Attachment: HIVE-9013.1.patch
    Hive set command exposes metastore db password
    ----------------------------------------------

    Key: HIVE-9013
    URL: https://issues.apache.org/jira/browse/HIVE-9013
    Project: Hive
    Issue Type: Bug
    Affects Versions: 0.13.1
    Reporter: Binglin Chang
    Attachments: HIVE-9013.1.patch


    When auth is enabled, we still need set command to set some variables(e.g. mapreduce.job.queuename), but set command alone also list all information(including vars in restrict list), this exposes like "javax.jdo.option.ConnectionPassword"
    I think conf var in the restrict list should also excluded from dump vars command.


    --
    This message was sent by Atlassian JIRA
    (v6.3.4#6332)
  • Sergey Shelukhin (JIRA) at Dec 3, 2014 at 9:22 pm
    [ https://issues.apache.org/jira/browse/HIVE-9013?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14233534#comment-14233534 ]

    Sergey Shelukhin commented on HIVE-9013:
    ----------------------------------------

    would one still be able to get it via "set javax.jdo.option.ConnectionPassword"?
    Hive set command exposes metastore db password
    ----------------------------------------------

    Key: HIVE-9013
    URL: https://issues.apache.org/jira/browse/HIVE-9013
    Project: Hive
    Issue Type: Bug
    Affects Versions: 0.13.1
    Reporter: Binglin Chang
    Attachments: HIVE-9013.1.patch


    When auth is enabled, we still need set command to set some variables(e.g. mapreduce.job.queuename), but set command alone also list all information(including vars in restrict list), this exposes like "javax.jdo.option.ConnectionPassword"
    I think conf var in the restrict list should also excluded from dump vars command.


    --
    This message was sent by Atlassian JIRA
    (v6.3.4#6332)
  • Binglin Chang (JIRA) at Dec 4, 2014 at 3:19 am
    [ https://issues.apache.org/jira/browse/HIVE-9013?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

    Binglin Chang updated HIVE-9013:
    --------------------------------
         Attachment: HIVE-9013.2.patch

    Right, should check get single conf case too, thanks for the review! Update the patch.
    Hive set command exposes metastore db password
    ----------------------------------------------

    Key: HIVE-9013
    URL: https://issues.apache.org/jira/browse/HIVE-9013
    Project: Hive
    Issue Type: Bug
    Affects Versions: 0.13.1
    Reporter: Binglin Chang
    Attachments: HIVE-9013.1.patch, HIVE-9013.2.patch


    When auth is enabled, we still need set command to set some variables(e.g. mapreduce.job.queuename), but set command alone also list all information(including vars in restrict list), this exposes like "javax.jdo.option.ConnectionPassword"
    I think conf var in the restrict list should also excluded from dump vars command.


    --
    This message was sent by Atlassian JIRA
    (v6.3.4#6332)
  • Sergey Shelukhin (JIRA) at Dec 4, 2014 at 8:32 pm
    [ https://issues.apache.org/jira/browse/HIVE-9013?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14234593#comment-14234593 ]

    Sergey Shelukhin commented on HIVE-9013:
    ----------------------------------------

    Can you add some message if it's restricted for single-property case? Otherwise +1
    Hive set command exposes metastore db password
    ----------------------------------------------

    Key: HIVE-9013
    URL: https://issues.apache.org/jira/browse/HIVE-9013
    Project: Hive
    Issue Type: Bug
    Affects Versions: 0.13.1
    Reporter: Binglin Chang
    Attachments: HIVE-9013.1.patch, HIVE-9013.2.patch


    When auth is enabled, we still need set command to set some variables(e.g. mapreduce.job.queuename), but set command alone also list all information(including vars in restrict list), this exposes like "javax.jdo.option.ConnectionPassword"
    I think conf var in the restrict list should also excluded from dump vars command.


    --
    This message was sent by Atlassian JIRA
    (v6.3.4#6332)
  • Binglin Chang (JIRA) at Dec 5, 2014 at 4:04 am
    [ https://issues.apache.org/jira/browse/HIVE-9013?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

    Binglin Chang updated HIVE-9013:
    --------------------------------
         Attachment: HIVE-9013.3.patch

    1. Add exception when get restricted conf, like set restricted conf does.
    2. add javax.jdo.option.ConnectionPassword to RESTRICTED_LIST by default


    Hive set command exposes metastore db password
    ----------------------------------------------

    Key: HIVE-9013
    URL: https://issues.apache.org/jira/browse/HIVE-9013
    Project: Hive
    Issue Type: Bug
    Affects Versions: 0.13.1
    Reporter: Binglin Chang
    Attachments: HIVE-9013.1.patch, HIVE-9013.2.patch, HIVE-9013.3.patch


    When auth is enabled, we still need set command to set some variables(e.g. mapreduce.job.queuename), but set command alone also list all information(including vars in restrict list), this exposes like "javax.jdo.option.ConnectionPassword"
    I think conf var in the restrict list should also excluded from dump vars command.


    --
    This message was sent by Atlassian JIRA
    (v6.3.4#6332)
  • Hive QA (JIRA) at Dec 5, 2014 at 3:03 pm
    [ https://issues.apache.org/jira/browse/HIVE-9013?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14235575#comment-14235575 ]

    Hive QA commented on HIVE-9013:
    -------------------------------



    {color:red}Overall{color}: -1 at least one tests failed

    Here are the results of testing the latest attachment:
    https://issues.apache.org/jira/secure/attachment/12685240/HIVE-9013.3.patch

    {color:red}ERROR:{color} -1 due to 1 failed/errored test(s), 6695 tests executed
    *Failed tests:*
    {noformat}
    org.apache.hadoop.hive.cli.TestCliDriver.testCliDriver_vector_decimal_aggregate
    {noformat}

    Test results: http://ec2-174-129-184-35.compute-1.amazonaws.com/jenkins/job/PreCommit-HIVE-TRUNK-Build/1967/testReport
    Console output: http://ec2-174-129-184-35.compute-1.amazonaws.com/jenkins/job/PreCommit-HIVE-TRUNK-Build/1967/console
    Test logs: http://ec2-174-129-184-35.compute-1.amazonaws.com/logs/PreCommit-HIVE-TRUNK-Build-1967/

    Messages:
    {noformat}
    Executing org.apache.hive.ptest.execution.PrepPhase
    Executing org.apache.hive.ptest.execution.ExecutionPhase
    Executing org.apache.hive.ptest.execution.ReportingPhase
    Tests exited with: TestsFailedException: 1 tests failed
    {noformat}

    This message is automatically generated.

    ATTACHMENT ID: 12685240 - PreCommit-HIVE-TRUNK-Build
    Hive set command exposes metastore db password
    ----------------------------------------------

    Key: HIVE-9013
    URL: https://issues.apache.org/jira/browse/HIVE-9013
    Project: Hive
    Issue Type: Bug
    Affects Versions: 0.13.1
    Reporter: Binglin Chang
    Attachments: HIVE-9013.1.patch, HIVE-9013.2.patch, HIVE-9013.3.patch


    When auth is enabled, we still need set command to set some variables(e.g. mapreduce.job.queuename), but set command alone also list all information(including vars in restrict list), this exposes like "javax.jdo.option.ConnectionPassword"
    I think conf var in the restrict list should also excluded from dump vars command.


    --
    This message was sent by Atlassian JIRA
    (v6.3.4#6332)
  • Binglin Chang (JIRA) at Dec 15, 2014 at 3:00 am
    [ https://issues.apache.org/jira/browse/HIVE-9013?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

    Binglin Chang reassigned HIVE-9013:
    -----------------------------------

         Assignee: Binglin Chang
    Hive set command exposes metastore db password
    ----------------------------------------------

    Key: HIVE-9013
    URL: https://issues.apache.org/jira/browse/HIVE-9013
    Project: Hive
    Issue Type: Bug
    Affects Versions: 0.13.1
    Reporter: Binglin Chang
    Assignee: Binglin Chang
    Attachments: HIVE-9013.1.patch, HIVE-9013.2.patch, HIVE-9013.3.patch


    When auth is enabled, we still need set command to set some variables(e.g. mapreduce.job.queuename), but set command alone also list all information(including vars in restrict list), this exposes like "javax.jdo.option.ConnectionPassword"
    I think conf var in the restrict list should also excluded from dump vars command.


    --
    This message was sent by Atlassian JIRA
    (v6.3.4#6332)

Related Discussions

Discussion Navigation
viewthread | post
Discussion Overview
groupdev @
categorieshive, hadoop
postedDec 3, '14 at 12:49p
activeDec 15, '14 at 3:00a
posts9
users1
websitehive.apache.org

1 user in discussion

Binglin Chang (JIRA): 9 posts

People

Translate

site design / logo © 2022 Grokbase