[LENS-446] server params should not be passed to session and drivers - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 2.4
Component/s: server
Labels:
- incompatible

Description

Lens is even showing sensitive properties like lens.server.db.jdbc.user and lens.server.db.jdbc.pass to the client. Server-side params should be hidden from this api

api called:

http://internal-lens-server:9999/lensapi/session/params?sessionid=%3C?xml+version%3D%221.0%22+encoding%3D%22UTF-8%22+standalone%3D%22yes%22?%3E%3ClensSessionHandle%3E%3CpublicId%3E1ebec3a5-cd11-4a3d-b9d5-79e5d9707710%3C/publicId%3E%3CsecretId%3E524384d8-41c5-4459-87be-37fdde4ba14f%3C/secretId%3E%3C/lensSessionHandle%3E

sample output:

<stringList>
<elements>hive.metastore.batch.retrieve.max=100</elements>
<elements>
hive.metastore.batch.retrieve.table.partition.max=500
</elements>
<elements>hive.metastore.client.connect.retry.delay=1</elements>
<elements>hive.metastore.client.socket.timeout=20</elements>
<elements>hive.metastore.connect.retries=5</elements>
<elements>hive.metastore.failure.retries=3</elements>
<elements>hive.metastore.uris=thrift://localhost:9083</elements>
<elements>hive.server2.thrift.bind.host=localhost</elements>
<elements>hive.server2.thrift.port=10000</elements>
<elements>lens.client.dbname=default</elements>
<elements>lens.client.user.name=anonymous</elements>
<elements>lens.cube.query.disable.aggregate.resolver=false</elements>
<elements>lens.cube.query.disable.auto.join=false</elements>
<elements>lens.cube.query.fail.if.data.partial=true</elements>
<elements>lens.cube.query.promote.select.togroupby=true</elements>
<elements>lens.query.add.insert.overwrite=true</elements>
<elements>lens.query.enable.mail.notify=false</elements>
<elements>lens.query.enable.metrics.per.query=false</elements>
<elements>lens.query.enable.persistent.resultset=false</elements>
<elements>
lens.query.enable.persistent.resultset.indriver=true
</elements>
<elements>lens.query.hdfs.output.path=hdfsout</elements>
<elements>lens.query.output.charset.encoding=UTF-8</elements>
<elements>
lens.query.output.compression.codec=org.apache.hadoop.io.compress.GzipCodec
</elements>
<elements>lens.query.output.enable.compression=false</elements>
<elements>lens.query.output.file.extn=.csv</elements>
<elements>lens.query.output.write.footer=false</elements>
<elements>lens.query.output.write.header=false</elements>
<elements>
lens.query.result.output.serde=org.apache.lens.lib.query.CSVSerde
</elements>
<elements>
lens.query.result.parent.dir=file:///tmp/lensreports
</elements>
<elements>
lens.query.result.size.format.threshold=10737418240
</elements>
<elements>lens.query.result.split.multiple=false</elements>
<elements>lens.query.result.split.multiple.maxrows=100000</elements>
<elements>lens.server.base.url=http://0.0.0.0:9999/lensapi</elements>
<elements>lens.server.db.driver.name=com.mysql.jdbc.Driver</elements>
<elements>lens.server.db.jdbc.pass={masked}</elements>
<elements>
lens.server.db.jdbc.url=jdbc:mysql://localhost:3306/lens
</elements>
<elements>lens.server.db.jdbc.user={masked}</elements>
<elements>lens.server.db.validation.query=select 1</elements>
<elements>
lens.server.drivers=org.apache.lens.driver.hive.HiveDriver
</elements>
<elements>
lens.session.aux.jars={masked}
</elements>
<elements>lens.session.cluster.user={masked}</elements>
<elements>lens.session.loggedin.user=anonymous</elements>
<elements>silent=off</elements>
</stringList>

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

LENS-446.patch
08/Oct/15 08:43
8 kB
Amareshwari Sriramadasu

Activity

People

Assignee:: Amareshwari Sriramadasu

Reporter:: Angad Singh

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 25/Mar/15 11:48

Updated:: 17/Nov/15 11:49

Resolved:: 08/Oct/15 09:51