[HIVE-20651] JdbcStorageHandler password should be encrypted - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 3.2.0, 4.0.0-alpha-1
Component/s: StorageHandler
Labels:
None

Target Version/s:

3.2.0, 4.0.0
Hadoop Flags:

Reviewed

Description

Currently, external jdbc table with JdbcStorageHandler store password as "hive.sql.dbcp.password" table property in clear text. We should put it in a keystore file. Here is the proposed change:

….
STORED BY 'org.apache.hive.storage.jdbc.JdbcStorageHandler'
TBLPROPERTIES (
"hive.sql.dbcp.password.keystore" = "hdfs:///user/hive/credential/postgres.jceks",
"hive.sql.dbcp.password.key" = "mydb.password"
);

The jceks file is created with:

hadoop credential create mydb.password -provider hdfs:///user/hive/credential/postgres.jceks -v secretpassword

User can choose to put all db password in one jceks, or a separate jceks for each db.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

HIVE-20651.1.patch
28/Sep/18 07:12
30 kB
Daniel Dai
HIVE-20651.2.patch
29/Sep/18 05:10
31 kB
Daniel Dai
HIVE-20651.3.patch
30/Sep/18 07:45
34 kB
Daniel Dai
HIVE-20651.4.patch
05/Oct/18 05:25
21 kB
Daniel Dai
HIVE-20651.5.patch
05/Oct/18 21:14
34 kB
Daniel Dai
HIVE-20651.6.patch
05/Oct/18 22:43
35 kB
Daniel Dai
HIVE-20651.7.patch
07/Oct/18 04:27
35 kB
Daniel Dai

Issue Links

links to

Activity

People

Assignee:: Daniel Dai

Reporter:: Daniel Dai

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 28/Sep/18 07:11

Updated:: 17/Nov/22 08:54

Resolved:: 07/Oct/18 17:29