[
https://issues.apache.org/jira/browse/SQOOP-2801?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15116508#comment-15116508
]
Shashank edited comment on SQOOP-2801 at 1/26/16 2:47 AM:
----------------------------------------------------------
We already evaluated this solution as well but this solution is not very
scalable.Users generally have different password for their rdbms and for each
rdbms job they will create separate file in some location.If we have more than
100 jobs and this number will keep on increasing based on addition of new
tables then it means maintaining those numbers of files.Also if any password
changes then changing password in that many files manually.
This solution will allow to save password in a secure manner in DB.Even
password expires or changes then it can be updated with creating a seperate
encrypted password class and run it.
was (Author: standon):
We evaluate this solution as well but this solution is not very scalable.Users
generally have different password for their rdbms and for each rdbms job they
will create separate file in some location.If we have more than 100 jobs and
this number will keep on increasing based on addition of new tables then it
means maintaining those numbers of files.Also if any password changes then
changing password in that many files manually.
This solution will allow to save password in a secure manner in DB.Even
password expires or changes then it can be updated with creating a seperate
encrypted password class and run it.
> Secure RDBMS password in Sqoop Metastore in a encrypted form
> ------------------------------------------------------------
>
> Key: SQOOP-2801
> URL: https://issues.apache.org/jira/browse/SQOOP-2801
> Project: Sqoop
> Issue Type: Improvement
> Affects Versions: 1.4.6
> Reporter: Shashank
> Assignee: Shashank
> Priority: Minor
> Fix For: 1.4.7
>
> Attachments: SQOOP-2801_0.patch
>
>
> Currently Sqoop store password in the sqoop metastore in the form of plain
> text.While running command,
> sqoop job --show <job_name> , password becomes visible as plain text.Also
> anyone can see the password in metastore db since it is visible in a plain
> text.In order to provide more security, CryptoFileLoader class is extended to
> store password in metastore in encrypted form.Sqoop will decrypt the password
> during exec job.In case of show job , the password will be visible as
> encrypted manner.User can pass any algorithm and passphrase to encrypt the
> password in a similar way as it happens in case of storing password in the
> File.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
