[ https://issues.apache.org/jira/browse/MAPREDUCE-710?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12727630#action_12727630 ]

Aaron Kimball commented on MAPREDUCE-710:
-----------------------------------------

This patch adds a {{-P}} flag which prompts for password on the console using 
java.io.Console.readPassword().

It also changes the mysqldump logic to write a user-readable-only file 
containing the password and use that instead of {{--password}} on the 
command-line, which is insecure. Since mysqldump reads its password directly 
from the console, not from stdin, it is impossible to "directly" feed the 
password to mysqldump. Thus the user-only file is the means I've chosen to 
transmit the password.

I have added a new test case which Hudson won't run by default, to test this 
behavior. Users with mysql who wish to run this test should run {{ant jar 
-Dtestcase=MySQLAuthTest}} in the {{src/contrib/sqoop}} directory.


> Sqoop should read and transmit passwords in a more secure manner
> ----------------------------------------------------------------
>
>                 Key: MAPREDUCE-710
>                 URL: https://issues.apache.org/jira/browse/MAPREDUCE-710
>             Project: Hadoop Map/Reduce
>          Issue Type: Improvement
>          Components: contrib/sqoop
>            Reporter: Aaron Kimball
>            Assignee: Aaron Kimball
>         Attachments: MAPREDUCE-710.patch
>
>
> Sqoop's current support for passwords involves reading passwords from the 
> command line "--password foo", which makes the password visible to other 
> users via 'ps'. An invisible-console approach should be taken.
> Related, Sqoop transmits passwords to mysqldump in the same fashion, which is 
> also insecure.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
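
The approach described in the comment above, as an added example (not the code from MAPREDUCE-710.patch or from Sqoop): prompt with java.io.Console.readPassword(), write the password to an owner-only option file, and hand mysqldump that file instead of a password argument. Assumptions: a POSIX filesystem, Java 7+ NIO, mysqldump's {{--defaults-file}} option as the way the file is consumed, and the hypothetical names MysqldumpPasswordFile and writeOptionFile.

```java
import java.io.Console;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.attribute.PosixFilePermissions;
import java.util.Arrays;

public class MysqldumpPasswordFile {
    // Create the option file with mode 0600 at creation time, so there is no
    // window in which other local users could open it before a later chmod.
    static Path writeOptionFile(char[] password) throws IOException {
        String pw = new String(password);
        if (pw.indexOf('\n') >= 0 || pw.indexOf('\r') >= 0) {
            throw new IllegalArgumentException("password contains a line break");
        }
        // Backslash and double quote must be escaped inside a quoted option value.
        String escaped = pw.replace("\\", "\\\\").replace("\"", "\\\"");
        Path file = Files.createTempFile("mysqldump-", ".cnf",
            PosixFilePermissions.asFileAttribute(PosixFilePermissions.fromString("rw-------")));
        Files.write(file, ("[client]\npassword=\"" + escaped + "\"\n")
            .getBytes(StandardCharsets.UTF_8));
        return file;
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 2) {
            throw new IllegalArgumentException("usage: MysqldumpPasswordFile <user> <database>");
        }
        Console console = System.console();
        if (console == null) {
            throw new IllegalStateException("no console attached; cannot prompt for a password");
        }
        char[] password = console.readPassword("Enter password: ");
        if (password == null) {
            throw new IllegalStateException("end of input while reading password");
        }
        Path optionFile = writeOptionFile(password);
        Arrays.fill(password, '\0');
        int rc;
        try {
            // --defaults-file has to be the first option. Only the file path shows
            // up in 'ps' output; the password itself is never part of argv.
            rc = new ProcessBuilder("mysqldump", "--defaults-file=" + optionFile,
                    "--user=" + args[0], args[1])
                .inheritIO().start().waitFor();
        } finally {
            Files.deleteIfExists(optionFile);
        }
        System.exit(rc);
    }
}
```

With {{--defaults-file}} mysqldump reads only the given file; {{--defaults-extra-file}} reads it in addition to the user's usual option files.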
