diff --git standalone-metastore/metastore-server/src/main/java/org/apache/hadoop/hive/metastore/ObjectStore.java standalone-metastore/metastore-server/src/main/java/org/apache/hadoop/hive/metastore/ObjectStore.java
index 9c15804049..8dfe4d333d 100644
--- standalone-metastore/metastore-server/src/main/java/org/apache/hadoop/hive/metastore/ObjectStore.java
+++ standalone-metastore/metastore-server/src/main/java/org/apache/hadoop/hive/metastore/ObjectStore.java
@@ -53,6 +53,7 @@
 import java.util.concurrent.atomic.AtomicBoolean;
 import java.util.concurrent.locks.Lock;
 import java.util.concurrent.locks.ReentrantLock;
+import java.util.regex.Matcher;
 import java.util.regex.Pattern;
 import javax.jdo.JDOCanRetryException;
@@ -472,7 +473,22 @@ private static Properties getDataSourceProps(Configuration conf) {
 String confVal = MetastoreConf.getAsString(conf, var);
 String varName = var.getVarname();
 Object prevVal = prop.setProperty(varName, confVal);
- if (MetastoreConf.isPrintable(varName)) {
+ if (LOG.isDebugEnabled() && MetastoreConf.isPrintable(varName)) {
+ // The jdbc connection url can contain sensitive information like username and password
+ // which should be masked out before logging.
+ if (varName.equals(ConfVars.CONNECT_URL_KEY)) {
+ confVal = confVal.trim();
+ Pattern pattern = Pattern.compile("[;,\\?&]password=((.*?[;,&\\)])|(.*?)$)");
+ Matcher matcher = pattern.matcher(confVal);
+ int start = 0;
+ StringBuffer buffer = new StringBuffer();
+ while (matcher.find()) {
+ buffer.append(confVal.substring(start, matcher.start() + 1) + "password=****");
+ start = matcher.end() < confVal.length() ? matcher.end() - 1 : matcher.end();
+ }
+ buffer.append(confVal.substring(start));
+ confVal = buffer.toString();
+ }
 LOG.debug("Overriding {} value {} from jpox.properties with {}", varName, prevVal, confVal);
 }
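Review bot: The guard `varName.equals(ConfVars.CONNECT_URL_KEY)` in the added masking block compares a String with what looks like a `ConfVars` constant (the same type `var.getVarname()` is called on a few lines above), so it would never be true and the connection URL would still be logged unmasked; compare the names instead, `if (varName.equals(ConfVars.CONNECT_URL_KEY.getVarname())) {`. The same `LOG.debug` call also prints `prevVal`, the previous value of that property, which can carry the same credentials and is not passed through the mask. The pattern matches only a lowercase `password=` key, so other spellings of the key, and credentials embedded elsewhere in the URL, pass through unchanged; compiling it once as a `static final` with `Pattern.CASE_INSENSITIVE` and adding a unit test over constructed sample URLs would pin the behaviour. The enclosing loop in `getDataSourceProps` starts and ends outside the hunk, so whether `confVal` is read again after being overwritten with the masked text cannot be checked from here.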