[DRILL-6250] Sqlline start command with password appears in the sqlline.log - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: 1.13.0
Fix Version/s: 1.14.0
Component/s: None
Labels:
- ready-to-commit

Description

Prerequisites:
1. Log level is set to "all" in the conf/logback.xml:

<logger name="org.apache.drill" additivity="false">
    <level value="all" />
    <appender-ref ref="FILE" />
</logger>

2. PLAIN authentication mechanism is configured:

  security.user.auth: {
	enabled: true,
	packages += "org.apache.drill.exec.rpc.user.security",
	impl: "pam",
	pam_profiles: [ "sudo", "login" ]
  }

Steps:
1. Start the drillbits
2. Connect by sqlline:

/opt/mapr/drill/drill-1.13.0/bin/sqlline -u "jdbc:drill:zk=node1:5181;" -n user1 -p 1234

3. Use check the sqlline logs:

tail -F log/sqlline.log|grep 1234 -a5 -b5

Expected result: Logs shouldn't contain clear-text passwords

Actual result: The logs contain the sqlline start command with password:

# system properties
35333-        "java" : {
35352-            # system properties
35384:            "command" : "sqlline.SqlLine -d org.apache.drill.jdbc.Driver --maxWidth=10000 --color=true -u jdbc:drill:zk=node1:5181; -n user1 -p 1234",
35535-            # system properties
35567-            "launcher" : "SUN_STANDARD"
35607-        }

Attachments

Issue Links

is related to

DRILL-6189 Security: passwords logging and file permisions

Closed

links to

GitHub Pull Request #1174

Activity

People

Assignee:: Volodymyr Tkach

Reporter:: Anton Gozhiy

Reviewer:: Arina Ielchiieva

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 15/Mar/18 09:39

Updated:: 22/Mar/18 09:29

Resolved:: 20/Mar/18 21:22