[
https://issues.apache.org/jira/browse/HIVE-9013?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14952485#comment-14952485
]
Thejas M Nair commented on HIVE-9013:
-------------------------------------
Thanks for creating the jira and your patch [~decster]!
I think we should make the solution for this consistent with what was done in
HIVE-10508. The problem is same. I think the same rules should be used in both
places.
Another comment I have is that we should distinguish between settings that user
should not be allowed to change from client and ones that user should be
allowed to read.
For debugging purposes, it is helpful to read config values such as
hive.security.authenticator.manager,hive.security.authorization.manager,hive.users.in.admin.role
.
> Hive set command exposes metastore db password
> ----------------------------------------------
>
> Key: HIVE-9013
> URL: https://issues.apache.org/jira/browse/HIVE-9013
> Project: Hive
> Issue Type: Bug
> Affects Versions: 0.13.1
> Reporter: Binglin Chang
> Assignee: Binglin Chang
> Attachments: HIVE-9013.1.patch, HIVE-9013.2.patch, HIVE-9013.3.patch
>
>
> When auth is enabled, we still need set command to set some variables(e.g.
> mapreduce.job.queuename), but set command alone also list all
> information(including vars in restrict list), this exposes like
> "javax.jdo.option.ConnectionPassword"
> I think conf var in the restrict list should also excluded from dump vars
> command.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
