[
https://issues.apache.org/jira/browse/HIVE-20651?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16631464#comment-16631464
]
Daniel Dai commented on HIVE-20651:
-----------------------------------
Besides putting credential in keystore, the patch also:
1. TableDesc.jobSecrets is serialized into map plan thus defeat the purpose to
use job credential. The patch fixed it
2. Bug fix for using two different jdbc table in one hive statement
Tested with Tez/MR, not sure if this works with Spark or additional work
needed. cc [~stakiar_impala_496e], [~janulatha]
> JdbcStorageHandler password should be encrypted
> -----------------------------------------------
>
> Key: HIVE-20651
> URL: https://issues.apache.org/jira/browse/HIVE-20651
> Project: Hive
> Issue Type: Improvement
> Components: StorageHandler
> Reporter: Daniel Dai
> Assignee: Daniel Dai
> Priority: Major
> Attachments: HIVE-20651.1.patch
>
>
> Currently, external jdbc table with JdbcStorageHandler store password as
> "hive.sql.dbcp.password" table property in clear text. We should put it in a
> keystore file. Here is the proposed change:
> {code:java}
> ….
> STORED BY 'org.apache.hive.storage.jdbc.JdbcStorageHandler'
> TBLPROPERTIES (
> "hive.sql.dbcp.password.keystore" =
> "hdfs:///user/hive/credential/postgres.jceks",
> "hive.sql.dbcp.password.key" = "mydb.password"
> );
> {code}
>
> The jceks file is created with:
> {code}
> hadoop credential create mydb.password -provider
> hdfs:///user/hive/credential/postgres.jceks -v secretpassword
> {code}
> User can choose to put all db password in one jceks, or a separate jceks for
> each db.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
