Daniel Dai created HIVE-20651:
---------------------------------
Summary: JdbcStorageHandler password should be encrypted
Key: HIVE-20651
URL: https://issues.apache.org/jira/browse/HIVE-20651
Project: Hive
Issue Type: Improvement
Components: StorageHandler
Reporter: Daniel Dai
Assignee: Daniel Dai
Currently, external jdbc table with JdbcStorageHandler store password as
"hive.sql.dbcp.password" table property in clear text. We should put it in a
keystore file. Here is the proposed change:
{code:java}
….
STORED BY 'org.apache.hive.storage.jdbc.JdbcStorageHandler'
TBLPROPERTIES (
"hive.sql.dbcp.password.keystore" =
"hdfs:///user/hive/credential/postgres.jceks",
"hive.sql.dbcp.password.key" = "mydb.password"
);
{code}
The jceks file is created with:
{code}
hadoop credential create mydb.password -provider
hdfs:///user/hive/credential/postgres.jceks -v secretpassword
{code}
User can choose to put all db password in one jceks, or a separate jceks for
each db.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
