Hive / HIVE-11555

Beeline sends password in clear text if we miss -ssl=true flag in the connect string


Details

    • Type: Bug
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 1.2.0
    • Fix Version/s: None
    • Component/s: Beeline
    • Labels: None

    Description

      I used tcpdump to display the network traffic: 
      
      [root@fe01 ~]# beeline 
      Beeline version 0.13.1-cdh5.3.2 by Apache Hive 
      beeline> !connect jdbc:hive2://fe01.sectest.poc:10000/default 
      Connecting to jdbc:hive2://fe01.sectest.poc:10000/default 
      Enter username for jdbc:hive2://fe01.sectest.poc:10000/default: tdaranyi 
      Enter password for jdbc:hive2://fe01.sectest.poc:10000/default: ********* 
      (I entered "cleartext" as the password) 
      
      The tcpdump in a different window 
      tdaranyi@fe01.sectest.poc:~$ sudo tcpdump -n -X -i lo port 10000 
      tcpdump: verbose output suppressed, use -v or -vv for full protocol decode 
      listening on lo, link-type EN10MB (Ethernet), capture size 65535 bytes 
      (...) 
      10:25:16.329974 IP 192.168.32.102.54322 > 192.168.32.102.ndmp: Flags [P.], seq 11:35, ack 1, win 512, options [nop,nop,TS val 2412851969 ecr 2412851969], length 24 
      0x0000: 4500 004c 3dd3 4000 4006 3abc c0a8 2066 E..L=.@.@.:....f 
      0x0010: c0a8 2066 d432 2710 714c 0edc b45c 9268 ...f.2'.qL...\.h 
      0x0020: 8018 0200 c25b 0000 0101 080a 8fd1 3301 .....[........3. 
      0x0030: 8fd1 3301 0500 0000 1300 7464 6172 616e ..3.......tdaran 
      0x0040: 7969 0063 6c65 6172 7465 7874 yi.cleartext 
      (...) 
      
      

      We rely on the user-supplied configuration to decide whether to open an SSL socket or a plain one. Instead, we can negotiate this information from the HS2 and connect accordingly.
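
The packet in the capture above can be decoded by hand: without TLS, the connection carries Thrift's SASL negotiation framing (one status byte, a 4-byte big-endian length, then the body), and the body here is an RFC 4616 PLAIN message. The Python below is an added example, not part of the issue or of Hive; it flags such frames in captured payloads when auditing for Beeline clients that connect without SSL. The function names are hypothetical and the TLS sample is constructed.

```python
import struct

# Negotiation status codes used by Thrift's SASL transport framing.
SASL_STATUS = {1: "START", 2: "OK", 3: "BAD", 4: "ERROR", 5: "COMPLETE"}

# TCP payload of the packet in the report: dump offset 0x34 onward (24 bytes).
CAPTURED_PAYLOAD = bytes.fromhex("05 00000013 00 74646172616e7969 00 636c65617274657874")
# Constructed sample: the first bytes of a TLS handshake record, for contrast.
TLS_SAMPLE = bytes.fromhex("16 0301 0200 01 0001fc 0303")


def parse_sasl_frame(payload):
    """Split one negotiation frame into (status name, body)."""
    if len(payload) < 5:
        raise ValueError("too short for a SASL negotiation frame")
    status, length = struct.unpack(">BI", payload[:5])
    if status not in SASL_STATUS:
        raise ValueError("first byte is not a SASL status (TLS or other traffic)")
    body = payload[5:5 + length]
    if len(body) != length:
        raise ValueError("frame is truncated")
    return SASL_STATUS[status], body


def find_plain_credentials(payload):
    """Return a finding if payload is an unencrypted SASL PLAIN response, else None."""
    try:
        status, body = parse_sasl_frame(payload)
    except ValueError:
        return None
    # RFC 4616 message layout: authzid NUL authcid NUL passwd
    parts = body.split(b"\x00")
    if status not in ("OK", "COMPLETE") or len(parts) != 3:
        return None
    if not parts[1] or not parts[2]:
        return None
    # Report the account and the password length only, never the password itself.
    return {"status": status, "user": parts[1].decode("utf-8", "replace"),
            "password_len": len(parts[2])}


if __name__ == "__main__":
    print(find_plain_credentials(CAPTURED_PAYLOAD))
    print(find_plain_credentials(TLS_SAMPLE))
```

The length field 0x13 (19) matches the body exactly: one empty authzid separator, the 8-byte username, a NUL, and the 9-byte password.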


          People

            Assignee: Unassigned
            Reporter: Bharath Vissapragada (bharathv)
