> On Sept. 21, 2018, 3:41 p.m., Andrew Sherman wrote:
> > service-rpc/src/gen/thrift/gen-javabean/org/apache/hive/service/rpc/thrift/TOpenSessionReq.java
> > Line 546 (original), 546 (patched)
> > <https://reviews.apache.org/r/68710/diff/3/?file=2090888#file2090888line546>
> >
> > why give a clue about password length? Maybe just always print **** or
> > something?
Thanks for taking a look, Andrew! Fair point. I would worry that just printing
some asterisks could confuse someone ("Is my password really that short?"), so
i'll replace the password mask with a simple "-" in the next patch.
- Karen
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/68710/#review208862
-----------------------------------------------------------
On Sept. 21, 2018, 3:31 p.m., Karen Coppage wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/68710/
> -----------------------------------------------------------
>
> (Updated Sept. 21, 2018, 3:31 p.m.)
>
>
> Review request for hive and Laszlo Pinter.
>
>
> Bugs: HIVE-20544
> https://issues.apache.org/jira/browse/HIVE-20544
>
>
> Repository: hive-git
>
>
> Description
> -------
>
> TOpenSessionReq, if client protocol is unset, both username and password are
> logged. Logging a password is a security risk. This patch would hide it with
> asterisks.
>
>
> Diffs
> -----
>
> service-rpc/pom.xml d6a07a55bc
>
> service-rpc/src/gen/thrift/gen-javabean/org/apache/hive/service/rpc/thrift/TOpenSessionReq.java
> 3195e704f3
>
>
> Diff: https://reviews.apache.org/r/68710/diff/3/
>
>
> Testing
> -------
>
>
> Thanks,
>
> Karen Coppage
>
>
