----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/68710/#review208862 -----------------------------------------------------------
service-rpc/src/gen/thrift/gen-javabean/org/apache/hive/service/rpc/thrift/TOpenSessionReq.java Line 546 (original), 546 (patched) <https://reviews.apache.org/r/68710/#comment293099> why give a clue about password length? Maybe just always print **** or something? - Andrew Sherman On Sept. 21, 2018, 3:31 p.m., Karen Coppage wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/68710/ > ----------------------------------------------------------- > > (Updated Sept. 21, 2018, 3:31 p.m.) > > > Review request for hive and Laszlo Pinter. > > > Bugs: HIVE-20544 > https://issues.apache.org/jira/browse/HIVE-20544 > > > Repository: hive-git > > > Description > ------- > > TOpenSessionReq, if client protocol is unset, both username and password are > logged. Logging a password is a security risk. This patch would hide it with > asterisks. > > > Diffs > ----- > > service-rpc/pom.xml d6a07a55bc > > service-rpc/src/gen/thrift/gen-javabean/org/apache/hive/service/rpc/thrift/TOpenSessionReq.java > 3195e704f3 > > > Diff: https://reviews.apache.org/r/68710/diff/3/ > > > Testing > ------- > > > Thanks, > > Karen Coppage > >