Details
-
Bug
-
Status: Closed
-
Major
-
Resolution: Fixed
-
None
Description
Lens is even showing sensitive properties like lens.server.db.jdbc.user and lens.server.db.jdbc.pass to the client. Server-side params should be hidden from this api
api called:
http://internal-lens-server:9999/lensapi/session/params?sessionid=%3C?xml+version%3D%221.0%22+encoding%3D%22UTF-8%22+standalone%3D%22yes%22?%3E%3ClensSessionHandle%3E%3CpublicId%3E1ebec3a5-cd11-4a3d-b9d5-79e5d9707710%3C/publicId%3E%3CsecretId%3E524384d8-41c5-4459-87be-37fdde4ba14f%3C/secretId%3E%3C/lensSessionHandle%3E
sample output:
<stringList> <elements>hive.metastore.batch.retrieve.max=100</elements> <elements> hive.metastore.batch.retrieve.table.partition.max=500 </elements> <elements>hive.metastore.client.connect.retry.delay=1</elements> <elements>hive.metastore.client.socket.timeout=20</elements> <elements>hive.metastore.connect.retries=5</elements> <elements>hive.metastore.failure.retries=3</elements> <elements>hive.metastore.uris=thrift://localhost:9083</elements> <elements>hive.server2.thrift.bind.host=localhost</elements> <elements>hive.server2.thrift.port=10000</elements> <elements>lens.client.dbname=default</elements> <elements>lens.client.user.name=anonymous</elements> <elements>lens.cube.query.disable.aggregate.resolver=false</elements> <elements>lens.cube.query.disable.auto.join=false</elements> <elements>lens.cube.query.fail.if.data.partial=true</elements> <elements>lens.cube.query.promote.select.togroupby=true</elements> <elements>lens.query.add.insert.overwrite=true</elements> <elements>lens.query.enable.mail.notify=false</elements> <elements>lens.query.enable.metrics.per.query=false</elements> <elements>lens.query.enable.persistent.resultset=false</elements> <elements> lens.query.enable.persistent.resultset.indriver=true </elements> <elements>lens.query.hdfs.output.path=hdfsout</elements> <elements>lens.query.output.charset.encoding=UTF-8</elements> <elements> lens.query.output.compression.codec=org.apache.hadoop.io.compress.GzipCodec </elements> <elements>lens.query.output.enable.compression=false</elements> <elements>lens.query.output.file.extn=.csv</elements> <elements>lens.query.output.write.footer=false</elements> <elements>lens.query.output.write.header=false</elements> <elements> lens.query.result.output.serde=org.apache.lens.lib.query.CSVSerde </elements> <elements> lens.query.result.parent.dir=file:///tmp/lensreports </elements> <elements> lens.query.result.size.format.threshold=10737418240 </elements> <elements>lens.query.result.split.multiple=false</elements> <elements>lens.query.result.split.multiple.maxrows=100000</elements> <elements>lens.server.base.url=http://0.0.0.0:9999/lensapi</elements> <elements>lens.server.db.driver.name=com.mysql.jdbc.Driver</elements> <elements>lens.server.db.jdbc.pass={masked}</elements> <elements> lens.server.db.jdbc.url=jdbc:mysql://localhost:3306/lens </elements> <elements>lens.server.db.jdbc.user={masked}</elements> <elements>lens.server.db.validation.query=select 1</elements> <elements> lens.server.drivers=org.apache.lens.driver.hive.HiveDriver </elements> <elements> lens.session.aux.jars={masked} </elements> <elements>lens.session.cluster.user={masked}</elements> <elements>lens.session.loggedin.user=anonymous</elements> <elements>silent=off</elements> </stringList>