Uploaded image for project: 'Apache Drill'
  1. Apache Drill
  2. DRILL-6250

Sqlline start command with password appears in the sqlline.log

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 1.13.0
    • Fix Version/s: 1.14.0
    • Component/s: None
    • Labels:

      Description

      Prerequisites:
      1. Log level is set to "all" in the conf/logback.xml:

      <logger name="org.apache.drill" additivity="false">
          <level value="all" />
          <appender-ref ref="FILE" />
      </logger>
      

      2. PLAIN authentication mechanism is configured:

        security.user.auth: {
      	enabled: true,
      	packages += "org.apache.drill.exec.rpc.user.security",
      	impl: "pam",
      	pam_profiles: [ "sudo", "login" ]
        }
      

      Steps:
      1. Start the drillbits
      2. Connect by sqlline:

      /opt/mapr/drill/drill-1.13.0/bin/sqlline -u "jdbc:drill:zk=node1:5181;" -n user1 -p 1234
      

      3. Use check the sqlline logs:

      tail -F log/sqlline.log|grep 1234 -a5 -b5
      

      Expected result: Logs shouldn't contain clear-text passwords

      Actual result: The logs contain the sqlline start command with password:

      # system properties
      35333-        "java" : {
      35352-            # system properties
      35384:            "command" : "sqlline.SqlLine -d org.apache.drill.jdbc.Driver --maxWidth=10000 --color=true -u jdbc:drill:zk=node1:5181; -n user1 -p 1234",
      35535-            # system properties
      35567-            "launcher" : "SUN_STANDARD"
      35607-        }
      

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                volodymyr.tkach Volodymyr Tkach
                Reporter:
                angozhiy Anton Gozhiy
                Reviewer:
                Arina Ielchiieva
              • Votes:
                0 Vote for this issue
                Watchers:
                3 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: