bharath v created HIVE-11555:
--------------------------------
Summary: Beeline sends password in clear text if we miss -ssl=true
flag in the connect string
Key: HIVE-11555
URL: https://issues.apache.org/jira/browse/HIVE-11555
Project: Hive
Issue Type: Bug
Components: Beeline
Affects Versions: 1.2.0
Reporter: bharath v
{code}
I used tcpdump to display the network traffic:
[root@fe01 ~]# beeline
Beeline version 0.13.1-cdh5.3.2 by Apache Hive
beeline> !connect jdbc:hive2://fe01.sectest.poc:10000/default
Connecting to jdbc:hive2://fe01.sectest.poc:10000/default
Enter username for jdbc:hive2://fe01.sectest.poc:10000/default: tdaranyi
Enter password for jdbc:hive2://fe01.sectest.poc:10000/default: *********
(I entered "cleartext" as the password)
The tcpdump in a different window
tdara...@fe01.sectest.poc:~$ sudo tcpdump -n -X -i lo port 10000
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on lo, link-type EN10MB (Ethernet), capture size 65535 bytes
(...)
10:25:16.329974 IP 192.168.32.102.54322 > 192.168.32.102.ndmp: Flags [P.], seq
11:35, ack 1, win 512, options [nop,nop,TS val 2412851969 ecr 2412851969],
length 24
0x0000: 4500 004c 3dd3 4000 4006 3abc c0a8 2066 E..L=.@.@.:....f
0x0010: c0a8 2066 d432 2710 714c 0edc b45c 9268 ...f.2'.qL...\.h
0x0020: 8018 0200 c25b 0000 0101 080a 8fd1 3301 .....[........3.
0x0030: 8fd1 3301 0500 0000 1300 7464 6172 616e ..3.......tdaran
0x0040: 7969 0063 6c65 6172 7465 7874 yi.cleartext
(...)
{code}
We rely on the user supplied configuration to decide whether to open an SSL
socket or a Plain one. Instead we can negotiate this information from the HS2
and connect accordingly.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
